
2808 matches found

Veracode
added 2022/04/16 4:32 p.m. · 65 views

Privilege Escalation

Linux is vulnerable to a heap buffer overflow flaw. The vulnerability exists in the IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c, which allows a local attacker with normal user privileges to overwrite kernel heap objects and may cause a local privilege escalation threat...

7.8 CVSS · 2.4 AI score · 0.04534 EPSS
Exploits: 2 · References: 6 · Affected Software: 4

Tenable Nessus
added 2022/04/16 12:00 a.m. · 37 views

SUSE SLES12: kgraft-patch-4_12_14-122_103-default / etc (SUSE-SU-2022:1242-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1242-1 advisory. This update for the Linux Kernel 4.12.14-122103 fixes several issues. The following security issues were fixed: - CVE-2022-27666: Fixed a buffe...

7.8 CVSS · 7.1 AI score · 0.04534 EPSS
Exploits: 5 · References: 7

NVD
added 2022/04/15 3:15 p.m. · 33 views

CVE-2022-20679

A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to buffer exhaustion that occurs while traffic on a configured...

7.7 CVSS · 0.01223 EPSS
Exploits: 0 · References: 1

Prion
added 2022/04/15 3:15 p.m. · 15 views

Race condition

A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to buffer exhaustion that occurs while traffic on a configured...

6.8 CVSS · 7.6 AI score · 0.01223 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2022/04/15 2:16 p.m. · 20 views

CVE-2022-20679 Cisco IOS XE Software IPSec Denial of Service Vulnerability

A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to buffer exhaustion that occurs while traffic on a configured...

6.8 CVSS · 7.9 AI score · 0.01223 EPSS
Exploits: 0 · References: 1

CVE
added 2022/04/15 2:16 p.m. · 142 views

CVE-2022-20679

CVE-2022-20679 involves a vulnerability in the IPSec decryption routine of Cisco IOS XE Software. It can allow an unauthenticated, remote attacker to cause an affected device to reload (DoS) due to buffer exhaustion while processing traffic on a configured IPsec tunnel. Exploitation requires send...

7.7 CVSS · 7.2 AI score · 0.01223 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CNVD
added 2022/04/15 12:00 a.m. · 20 views

Cisco IOS XR IPSec Denial of Service Vulnerability

Cisco IOS XE is a set of operating systems developed by Cisco for its network devices. A denial-of-service vulnerability exists in Cisco IOS XR IPSec, which stems from buffer exhaustion while processing traffic on a configured IPsec tunnel, and can be exploited by an attacker to cause the device t...

7.7 CVSS · 3.7 AI score · 0.01223 EPSS
Exploits: 0 · References: 1

Tenable Nessus
added 2022/04/15 12:00 a.m. · 53 views

SUSE SLES15 Security Update : kernel (Live Patch 14 for SLE 15 SP3) (SUSE-SU-2022:1224-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1224-1 advisory. - In aiopollcompletework of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalati...

7.8 CVSS · 7.2 AI score · 0.04534 EPSS
Exploits: 2 · References: 7

Tenable Nessus
added 2022/04/14 12:00 a.m. · 41 views

SUSE SLES12 Security Update : kernel (Live Patch 29 for SLE 12 SP5) (SUSE-SU-2022:1192-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:1192-1 advisory. - A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with...

7.8 CVSS · 7 AI score · 0.04534 EPSS
Exploits: 2 · References: 4

Tenable Nessus
added 2022/04/14 12:00 a.m. · 43 views

SUSE SLES12 Security Update : kernel (Live Patch 21 for SLE 12 SP4) (SUSE-SU-2022:1182-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:1182-1 advisory. - A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with...

7.8 CVSS · 7 AI score · 0.04534 EPSS
Exploits: 2 · References: 4

Tenable Nessus
added 2022/04/14 12:00 a.m. · 32 views

SUSE SLES12 Security Update : kernel (Live Patch 17 for SLE 12 SP5) (SUSE-SU-2022:1189-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1189-1 advisory. - kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942) - A heap buffer overflow flaw was found in IPsec ESP...

7.8 CVSS · 7.1 AI score · 0.04534 EPSS
Exploits: 5 · References: 7

ATTACKERKB
added 2022/04/13 11:00 p.m. · 4 views

CVE-2022-20679

A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to buffer exhaustion that occurs while traffic on a configured...

7.7 CVSS · 6.7 AI score · 0.01223 EPSS
Exploits: 0 · References: 2

Cisco
added 2022/04/13 4:00 p.m. · 48 views

Cisco IOS XE Software IPSec Denial of Service Vulnerability

A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to buffer exhaustion that occurs while traffic on a configured...

6.8 CVSS · 7.7 AI score · 0.01223 EPSS
Exploits: 0 · References: 1

OSV
added 2022/04/13 2:04 p.m. · 6 views

SUSE-SU-2022:1182-1 Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP4)

This update for the Linux Kernel 4.12.14-9583 fixes one issue. The following security issue was fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may...

7.8 CVSS · 7.7 AI score · 0.04534 EPSS
Exploits: 2 · References: 3

Positive Technologies
added 2022/04/13 12:00 a.m. · 3 views

PT-2022-2315 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified). Description: A vulnerability in the IPSec decryption routine could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS)...

7.7 CVSS · 7.5 AI score · 0.01223 EPSS
Exploits: 0 · References: 6

Tenable Nessus
added 2022/04/13 12:00 a.m. · 27 views

SUSE SLES15 Security Update : kernel (Live Patch 27 for SLE 15 SP1) (SUSE-SU-2022:1172-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1172-1 advisory. - kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942) - A heap buffer overflow flaw was found in IPsec E...

7.8 CVSS · 7.1 AI score · 0.04534 EPSS
Exploits: 5 · References: 7

OSV
added 2022/04/10 9:15 p.m. · 2 views

CVE-2022-27270

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component ipsecsecrets. This vulnerability is triggered via a crafted packet...

9.8 CVSS · 6.3 AI score
Exploits: 0 · References: 2

ATTACKERKB
added 2022/04/10 9:15 p.m. · 3 views

CVE-2022-27270

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component ipsecsecrets. This vulnerability is triggered via a crafted packet...

9.8 CVSS · 6.5 AI score · 0.03252 EPSS
Exploits: 1 · References: 4

Prion
added 2022/04/10 9:15 p.m. · 12 views

Remote code execution

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component ipsecsecrets. This vulnerability is triggered via a crafted packet...

7.5 CVSS · 9.6 AI score · 0.03252 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2022/04/10 12:00 a.m. · 3 views

PT-2022-18344 · Inhand Networks · Inrouter 900

Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 900 Industrial 4G Router versions prior to 1.0.0.r11700. Description: A remote code execution issue was discovered in the ipsec secrets component. This issue can be triggered by a crafted packet, potentially allowing f...

9.8 CVSS · 9.6 AI score · 0.03252 EPSS
Exploits: 1 · References: 4