Linux Distros Unpatched Vulnerability : CVE-2025-68192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: usb: qmiwwan: initialize MAC header offset in qmimuxrxfixup Raw IP packets have no MAC header, leaving skb-macheader uninitialized. This can trigger kernel...

EUVD-2023-1220

Malicious code in bioql PyPI...

EUVD-2023-42485

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-28842

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream...

libreswan: Invalid IKEv2 REKEY proposal causes restart

An assertion failure flaw was found in the Libreswan package that occurs when processing IKEv2 REKEY requests. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notification INVALIDSPI is sent back. The notify payload's protocol ID is copied from...

libreswan: Invalid IKEv2 REKEY proposal causes restart

An assertion failure flaw was found in the Libreswan package that occurs when processing IKEv2 REKEY requests. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notification INVALIDSPI is sent back. The notify payload's protocol ID is copied from...

CVE-2024-38649

An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1Not Applicable to 9.1Rx allows a remote unauthenticated attacker to cause a denial of service...

MGASA-2024-0085 Updated libreswan packages fix security vulnerabilities

The updated package fixes security vulnerabilities: pluto in Libreswan before 4.11 allows a denial of service responder SPI mishandling and daemon crash via unauthenticated IKEv1 Aggressive Mode packets. CVE-2023-30570 An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY...

Oracle Linux 8 : libreswan (ELSA-2023-7052)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-7052 advisory. - Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712 Tenable has extracted the preceding description block directly from the Oracle...

Oracle Linux 9 : libreswan (ELSA-2023-6549)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-6549 advisory. - Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712 - Just bumping up the version to include bugs for CVE-2023-2295. There is no cod...

CentOS 8 : libreswan (CESA-2023:7052)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:7052 advisory. - An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an erro...

RHEL 8 : libreswan (RHSA-2023:7052)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7052 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide...

RHEL 9 : libreswan (RHSA-2023:6549)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6549 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide...

CVE-2023-38710

An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALIDSPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets...

AZL-28064 CVE-2023-38710 affecting package libreswan for versions less than 4.7-5

An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALIDSPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets...

Code injection

An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALIDSPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets...

Libreswan 安全漏洞

Libreswan is an IPsec implementation similar to Openswan, which is mainly used to ensure security and integrity issues in data transmission. A security vulnerability exists in Libreswan versions prior to 4.12, which stems from an error notification INVALIDSPI being sent in a renegotiation REKEY...

CVE-2023-38710

An assertion failure flaw was found in the Libreswan package that occurs when processing IKEv2 REKEY requests. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notification INVALIDSPI is sent back. The notify payload's protocol ID is copied from...

CVE-2020-1657

On SRX Series devices, a vulnerability in the key-management-daemon kmd daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association SA is established thereby causing a failure to set up the IPSec channel. Sustained receipt of these...

Denial Of Service (DoS)

kernel is vulnerable to denial of service. The possibility of a kernel crash was found in the Linux kernel IPsec protocol implementation, due to improper handling of fragmented ESP packets. When an attacker controlling an intermediate router fragmented these packets into very small pieces, it wou...