SUSE-SU-2026:21775-1 Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes one security issue The following security issue was fixed: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags bsc1264459...

EUVD-2006-0725

Malware in sbrugna...

CVE-2025-20192

A vulnerability in the Internet Key Exchange version 1 IKEv1 implementation of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service DoS condition. The attacker must have valid IKEv1 VPN credentials to exploit this vulnerability. This vulnerability is du...

CVE-2025-20192

Summary: CVE-2025-20192 affects Cisco IOS XE Software. It is a vulnerability in the IKEv1 implementation where improper validation of IKEv1 phase 2 parameters before handing off to the hardware cryptographic accelerator can allow an authenticated, remote attacker with valid IKEv1 VPN credentials ...

PT-2025-20264 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software affected versions not specified Description: A vulnerability in the Internet Key Exchange version 1 IKEv1 implementation could allow an authenticated, remote attacker to cause a denial of service DoS condition. The...

Linux Distros Unpatched Vulnerability : CVE-2008-1198

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easi...

Denial Of Service (DoS)

Linux kernal-rt is vulnerable to denial of service. A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker can use this flaw to crash, or potentially...

Kernel: crypto: buffer overruns in RFC4106 implementation using AESNI

A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a...

Kernel: crypto: buffer overruns in RFC4106 implementation using AESNI

A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a...

unauthorized deletion of IPsec SAs in isakmpd, still

1 Abstract For nearly 10 months a handful of OpenBSD-developers is trying to fix a plethora of payload handling flaws in isakmpd. On 2004/01/13 they released something like a final patch to a broader public. The patch protects against some specific attacks, but does not solve the problem. 2...

Re: multiple payload handling flaws in isakmpd, again

There is one important thing I forgot to mention. In isakmpd deleting an IPsec SA also means deleting the appropriate IPsec policy in almost any case. Take a look at pfkeyv2deletespi in pfkeyv2.c. It calls pfkeyv2disablesa, the policy eraser ;-, if the SA was not acquired through the kernel: if...

CVE-2002-0414

KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database SPD, which could cause a Security Gateway SG that does not use Encapsulating Security Payload ESP to forward forged IPv4 packets...