303 matches found
CVE-2026-23440
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix race condition during IPSec ESN update In IPSec full offload mode, the device reports an ESN Extended Sequence Number wrap event to the driver. The driver validates this event by querying the IPSec ASO and checking...
Missing Encryption of Sensitive Data
Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data in the handling of inter-Node Pod traffic when dual-stack networking is configured with IPsec encryption enabled. An attacker can intercept and read sensitive IPv6 Pod traffic by monitoring network...
Antrea has Missing Encryption of Sensitive Data
Impact This is a missing encryption vulnerability CWE-311 affecting inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled trafficEncryptionMode: ipsec, Antrea fails to apply encryption for IPv6 Pod traffic. While the IPv4 traffic is correctl...
PT-2026-30135
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the handling of IPSec ESN Extended Sequence Number wrap events in the mlx5e driver when operating in IPSec full offload mode. After validating an ESN event, th...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from race conditions in the processing of IPSec ESN updates, potentially leading to inconsistent states...
CVE-2026-34820
Endian Firewall
Siemens APE1808 Integer Overflow or Wraparound (CVE-2024-46669)
AnInteger Overflow or Wraparound vulnerability in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service. This plugin...
[SECURITY] Fedora 42 Update: strongswan-6.0.4-2.fc42
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel...
CVE-2026-20049
A vulnerability in the processing of Galois/Counter Mode GCM-encrypted Internet Key Exchange version 2 IKEv2 IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker to cause...
Cisco Secure Firewall Adaptive Security Appliance和Cisco Secure Firewall Threat Defense 安全漏洞
Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense are products of Cisco, a US company. Cisco Secure Firewall Adaptive Security Appliance is an enterprise-level firewall software. Cisco Secure Firewall Threat Defense is an integrated firewall platform. Both...
Security Advisory 0134
Security Advisory 0134 PDF Date: February 17, 2026 Revision | Date | Changes ---|---|--- 1.0 | February 17, 2026 | Initial release The CVE-ID tracking this issue: CVE-2026-2379 CVSSv3.1 Base Score: 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Common Weakness Enumeration: CWE-672: Operation on...
CVE-2025-59097
The CVE-2025-59097 issue affects the dormakaba exos 9300 configuration GUI used to push configurations to Access Managers (e.g., 92xx, 9230, 9290). When the user saves a configuration, the SOAP payload is sent to the selected Access Manager without authentication or authorization by default. Whil...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21674)
"The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21674 advisory. - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix inversion dependency...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001390)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001390 advisory. The Linux kernel before 5.11.14 has a use-after-free in cipsov4genopt in net/ipv4/cipsoipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004177)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004177 advisory. A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002300)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002300 advisory. The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001688)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001688 advisory. A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: ixgbevf: Fixed compatibility issues with the mailbox API by negotiating supported features. There was backward compatibility regarding the mailbox API. Various drivers from different operating systems that support 10G adapters...
CVE-2011-0841
Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to TCP/IP...
EUVD-2025-203704
In the Linux kernel, the following vulnerability has been resolved: net: usb: qmiwwan: initialize MAC header offset in qmimuxrxfixup Raw IP packets have no MAC header, leaving skb-macheader uninitialized. This can trigger kernel panics on ARM64 when xfrm or other subsystems access the offset due ...