CVE-2012-3727
Buffer overflow in the IPsec component in Apple iOS before 6 allows remote attackers to execute arbitrary code via a crafted racoon configuration file...
CVE-2012-3727
CVE-2012-3727 affects the iOS IPsec component. A buffer overflow in the handling of a crafted racoon configuration file could allow remote code execution. Affected product/version: Apple iOS prior to 6. Root cause: buffer overflow in racoon config handling. Impact as stated: remote arbitrary code...
Cisco Software Encryption Library Information Disclosure Vulnerability
Cisco software contains a vulnerability that could allow an unauthenticated, remote attacker to access sensitive information on a targeted system. The vulnerability is in the encryption library used by the vulnerable software. This library allows a portion of an encrypted packet to be sent...
Fedora Update for strongswan FEDORA-2012-8815
Check for the version of strongswan. OpenVAS Vulnerability Test: Fedora Update for strongswan FEDORA-2012-8815. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under...
Cisco AnyConnect Secure Mobility Client WebLaunch Session Hijack Vulnerability
Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an unauthenticated, remote attacker to hijack WebLaunch sessions, which could allow the attacker to intercept sensitive information. The vulnerability is due to the failure to perform certificate name checking in an...
Cisco AnyConnect Secure Mobility Client IPsec Certificate Validation Vulnerability
Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an unauthenticated, remote attacker to conduct man-in-the-middle attacks. The vulnerability exists because the affected software does not perform certificate name checking in an X.509 certificate when the software i...
CVE-2012-2499
The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985...
Information disclosure
The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985...
Code injection
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470...
CVE-2012-2499
CVE-2012-2499 affects Cisco AnyConnect Secure Mobility Client prior to 3.0.08057. The IPsec implementation fails to verify the certificate name in an X.509 certificate, enabling MITM with a crafted certificate and potential server spoofing. Root cause: missing certificate-name validation for IPse...
CVE-2012-2500
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 is vulnerable to a WebLaunch IPsec certificate name check bypass. The root cause is failure to verify the X.509 certificate name, enabling MITM attackers to spoof servers via a crafted certificate. Impact is interception of WebLaunch se...
Scientific Linux Security Update : kernel on SL5.x i386/x86_64
This update fixes the following security issues: - a logic error was found in the do_setlk() function of the Linux kernel Network File System (NFS) implementation. If a signal interrupted a lock request, the local POSIX lock was incorrectly created. This could cause a denial of service on the NFS...
Scientific Linux Security Update : openswan on SL6.x i386/x86_64
Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A NULL pointer dereference flaw...
Scientific Linux Security Update : openswan on SL6.x i386/x86_64
Two buffer overflow flaws were found in the Openswan client-side XAUTH handling code used when connecting to certain Cisco gateways. A malicious or compromised VPN gateway could use these flaws to execute arbitrary code on the connecting Openswan client. (CVE-2010-3302, CVE-2010-3308) Two input...
Scientific Linux Security Update : openswan on SL5.x, SL6.x i386/x86_64
Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A use-after-free flaw was found ...
Scientific Linux Security Update : ipsec-tools on SL5.x i386/x86_64
A denial of service flaw was found in the ipsec-tools racoon daemon. An unauthenticated, remote attacker could trigger a NULL pointer dereference that could cause the racoon daemon to crash. (CVE-2009-1574) Multiple memory leak flaws were found in the ipsec-tools racoon daemon. If a remote attacker...
Scientific Linux Security Update : ipsec-tools on SL3.x, SL4.x, SL5.x i386/x86_64
Two denial of service flaws were found in the ipsec-tools racoon daemon. It was possible for a remote attacker to cause the racoon daemon to consume all available memory. (CVE-2008-3651, CVE-2008-3652) (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux...
Scientific Linux Security Update : ipsec-tools on SL5.x i386/x86_64
A denial of service flaw was found in the ipsec-tools racoon daemon. It was possible for a remote attacker, with knowledge of an existing IPsec tunnel, to terminate the IPsec connection between two machines. (CVE-2007-1841) (C) Tenable Network Security, Inc. The descriptive text i...
Scientific Linux Security Update : initscripts on SL5.x i386/x86_64 (20120221)
The initscripts package contains system scripts to boot your system, change runlevels, activate and deactivate most network interfaces, and shut the system down cleanly. With the default IPsec (Internet Protocol Security) ifup script configuration, the racoon IKE key management daemon used aggressi...