CVE-2012-2499

The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985...

CVE-2005-3753

Linux kernel before after 2.6.12 and before 2.6.13.1 might allow attackers to cause a denial of service Oops via certain IPSec packets that cause alignment problems in standard multi-block cipher processors. NOTE: it is not clear whether this issue can be triggered by an attacker...

CVE-2025-37959

CVE-2025-37959 (Linux kernel) : When using bpf_redirect_peer to forward packets to a device in a different network namespace, skb data is not scrubbed, causing possible leakage of namespace-specific information. The issue arises because the packet’s XFRM state and skb extensions persist across ne...

CVE-2025-0136

Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec. This issue does not affect Clou...

CVE-2025-0136

CVE-2025-0136 affects PAN-OS on Intel-based Palo Alto Networks firewalls (PA-7500, PA-5400/5400f, PA-3400, PA-1600, PA-1400, PA-400). The issue arises from using AES-128-CCM for IPSec, which leads to unencrypted data transfer between devices connected to the PAN-OS firewall through IPSec. Affecte...

CVE-2025-0136 PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devices

Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec. This issue does not affect Clou...

The vulnerability of the ipsec_road_asp function in D-Link DI-8100 router microprogramming software allows a attacker to execute arbitrary code.

The vulnerability of the ipsecroadasp function in D-Link DI-8100 router microprogramming software is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Assessing the Latency of Network Layer Security in 5G Networks

In contrast to its predecessors, 5G supports a wide range of commercial, industrial, and critical infrastructure scenarios. One key feature of 5G, ultra-reliable low latency communication, is particularly appealing to such scenarios for its real-time capabilities. However, 5G's enhanced security,...

Unbreakable Enterprise kernel security update

5.15.0-308.179.6 - net: bridge: IP defragmentation failing for jumboframes Venkat Venkatsubra Orabug: 37847171 - uek-rpm: remove .el9 from shim version Samasth Norway Ananda Orabug: 37834731 - RDS: avoid using offlined CPU during reconnect Arumugam Kolappan Orabug: 37783021 - net/mlx5e: Rely on...

CVE-2025-20192

A vulnerability in the Internet Key Exchange version 1 IKEv1 implementation of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service DoS condition. The attacker must have valid IKEv1 VPN credentials to exploit this vulnerability. This vulnerability is du...

CVE-2025-20192

A vulnerability in the Internet Key Exchange version 1 IKEv1 implementation of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service DoS condition. The attacker must have valid IKEv1 VPN credentials to exploit this vulnerability. This vulnerability is du...

CVE-2025-20192

Summary: CVE-2025-20192 affects Cisco IOS XE Software. It is a vulnerability in the IKEv1 implementation where improper validation of IKEv1 phase 2 parameters before handing off to the hardware cryptographic accelerator can allow an authenticated, remote attacker with valid IKEv1 VPN credentials ...

PT-2025-20264 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software affected versions not specified Description: A vulnerability in the Internet Key Exchange version 1 IKEv1 implementation could allow an authenticated, remote attacker to cause a denial of service DoS condition. The...

[SECURITY] Fedora 42 Update: openiked-7.4-2.fc42

OpenIKED is a free, permissively licensed Internet Key Exchange IKEv2 implementation, developed as part of the OpenBSD project. It is intended to be a lean, secure and inter-operable daemon that allows for easy setup and management of IPsec VPNs...

The vulnerability of the IPsec IKE service in the FortiOS operating system allows a attacker to induce a service failure.

The vulnerability of the IPsec IKE service in the FortiOS operating system is related to a numerical overflow condition. Exploiting this vulnerability could allow a malicious actor to cause a service failure remotely...

The vulnerability of the ipsec_net_asp function in the D-Link DI-8100 network device allows a hacker to execute arbitrary code.

The vulnerability of the ipsecnetasp function in the D-Link DI-8100 network device’s microprogramming software is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially...

CVE-2025-28398

D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsecnetasp function via the remotip parameter...

CVE-2025-28395

D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsecroadasp function via the hostip parameter...

D-Link DI-8100 安全漏洞

The D-Link DI-8100 is a wireless broadband router designed for small to medium-sized network environments from China's D-Link. A buffer overflow vulnerability exists in the D-Link DI-8100 version 16.07.26A1, which originates from the failure of the remoteip parameter in the ipsecnetasp function t...

CVE-2025-28395

D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsecroadasp function via the hostip parameter...