2806 matches found
[SECURITY] [DLA 3143-1] strongswan security update
Debian LTS Advisory DLA-3143-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb October 10, 2022 https://wiki.debian.org/LTS ...
The Bug Report — September 2022 Edition
The Bug Report — September 2022 Edition By Charles McFarland · October 5, 2022 As long as it works.... Why am I here? Welcome back to the Bug Report, don’t-stub-your-toe edition! For those in the audience unfamiliar with how we do things here, every month we filter down that month’s bugs to just ...
USN-5651-2: strongSwan vulnerability
USN-5651-1 fixed a vulnerability in strongSwan. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Lahav Schlesinger discovered that strongSwan incorrectly handled certain OCSP URIs and CRL distribution points (CDP) in certificate...
USN-5651-1: strongSwan vulnerability
Lahav Schlesinger discovered that strongSwan incorrectly handled certain OCSP URIs and CRL distribution points (CDP) in certificates. A remote attacker could possibly use this issue to initiate IKE_SAs and send crafted certificates that contain URIs pointing to servers under their control, which...
Microsoft Windows TCP/IP Remote Code Execution Vulnerability (CNVD-2022-63613)
The Microsoft Windows TCP/IP component is a Microsoft component that provides TCP/IP configuration capabilities for Windows. A security vulnerability exists in Microsoft Windows TCP/IP. No detailed vulnerability details are provided at this time...
nss and nspr bug fix and enhancement update
An update is available for nspr, nss. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Network Security Services (NSS) is a set of libraries designed to support the...
SUSE SLES15 Security Update : openvswitch (SUSE-SU-2022:3116-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3116-1 advisory. - Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode)...
CVE-2022-20923
A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to bypass authentication controls and access the IPSec VPN network. This vulnerability is due to the improper...
CVE-2022-20923
A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to bypass authentication controls and access the IPSec VPN network. This vulnerability is due to the improper...
Authentication flaw
A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to bypass authentication controls and access the IPSec VPN network. This vulnerability is due to the improper...
CVE-2022-20923 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers IPSec VPN Server Authentication Bypass Vulnerability
A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to bypass authentication controls and access the IPSec VPN network. This vulnerability is due to the improper...
CVE-2022-20923
The CVE-2022-20923 issue affects Cisco Small Business RV110W, RV130, RV130W, and RV215W routers. A vulnerability in the IPSec VPN Server authentication allows an unauthenticated, remote attacker to bypass authentication controls via a flawed password validation algorithm, potentially gaining acce...
CVE-2022-20923 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers IPSec VPN Server Authentication Bypass Vulnerability
A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to bypass authentication controls and access the IPSec VPN network. This vulnerability is due to the improper...
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers IPSec VPN Server Authentication Bypass Vulnerability
A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to bypass authentication controls and access the IPSec VPN network. This vulnerability is due to the improper...
PT-2022-4710 · Cisco · Cisco Small Business Rv130W +3
Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers (affected versions not specified). Description: A vulnerability in the IPSec VPN Server authentication functionality could allow an unauthenticated, remote attacker to bypass...
Ubuntu: Security Advisory (USN-3482-1)
The remote host is missing an update for the ...
Ubuntu: Security Advisory (USN-107-1)
The remote host is missing an update for the ...
PT-2022-7340 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified). Description: A memory leak issue was found in the Linux Kernel, specifically in the rlb_arp_xmit function of the drivers/net/bonding/bond_alb.c file, which is part of the IPsec component. This issu...
kernel: buffer overflow in IPsec ESP transformation code
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...
CVE-2022-31602
NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity impact, and information disclosure...