
2805 matches found

CNNVD
added 2024/04/12 12:0 a.m. | 2 views

Juniper Networks Junos OS Security Vulnerability

Juniper Networks Junos OS is a Juniper Networks USA network operating system dedicated to the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos OS that originates from a vulnerabili...

CVSS 7.1 | AI score 6.5 | EPSS 0.00295
Exploits: 0 | References: 3

NVD
added 2024/04/04 11:15 p.m. | 24 views

CVE-2024-21894

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service, thereby causing a DoS attack. In certain conditions this may lead to execution of...

CVSS 9.8 | AI score 9.2 | EPSS 0.18987
Exploits: 0 | References: 1

CVE
added 2024/04/04 10:16 p.m. | 205 views

CVE-2024-21894

Ivanti Connect Secure and Ivanti Policy Secure are affected by CVE-2024-21894/CVE-2024-29205, a heap overflow in the IPSec/web component that can be exploited by an unauthenticated remote attacker to crash the service and, in certain conditions, may lead to arbitrary code execution. Affected vers...

CVSS 9.8 | AI score 7.7 | EPSS 0.18987
Exploits: 0 | References: 1 | Affected Software: 2

OSV
added 2024/04/04 8:15 p.m. | 1 view

CVE-2024-22053

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service, thereby causing a DoS attack or in certain conditions read contents from memory...

CVSS 8.2 | AI score 5.8 | EPSS 0.18987
Exploits: 0 | References: 1

NVD
added 2024/04/04 8:15 p.m. | 19 views

CVE-2024-22052

A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service, thereby causing a DoS attack...

CVSS 7.5 | AI score 7.5 | EPSS 0.0375
Exploits: 0 | References: 1

NVD
added 2024/04/04 8:15 p.m. | 17 views

CVE-2024-22053

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service, thereby causing a DoS attack or in certain conditions read contents from memory...

CVSS 8.2 | AI score 8.3 | EPSS 0.03532
Exploits: 0 | References: 1

Vulnrichment
added 2024/04/04 7:45 p.m. | 20 views

CVE-2024-22052

A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service, thereby causing a DoS attack...

CVSS 7.5 | AI score 7.1 | EPSS 0.0375
Exploits: 0 | References: 1

Cvelist
added 2024/04/04 7:45 p.m. | 21 views

CVE-2024-22052

A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service, thereby causing a DoS attack...

CVSS 7.5 | AI score 7.7 | EPSS 0.0375
Exploits: 0 | References: 1

CVE
added 2024/04/04 7:45 p.m. | 128 views

CVE-2024-22052

Technical details about CVE-2024-22052 are not publicly provided in the supplied documents. Monitor for updates from authoritative sources.

CVSS 7.5 | AI score 6.8 | EPSS 0.0375
Exploits: 0 | References: 1 | Affected Software: 2

CVE
added 2024/04/04 7:45 p.m. | 125 views

CVE-2024-22053

Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) are affected by CVE-2024-22053. A heap overflow in the IPSec component allows an unauthenticated attacker to send crafted requests that crash the service (DoS) and, in some cases, read contents from memory. The CVSS 3.1/3.0 im...

CVSS 8.2 | AI score 7 | EPSS 0.03532
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
added 2024/04/04 7:45 p.m. | 21 views

CVE-2024-22053

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service, thereby causing a DoS attack or in certain conditions read contents from memory...

CVSS 8.2 | AI score 8.4 | EPSS 0.03532
Exploits: 0 | References: 1

Tenable Nessus
added 2024/04/04 12:0 a.m. | 202 views

Ivanti Connect Secure 9.x / 22.x Multiple Vulnerabilities (CVE-2024-21894)

The Ivanti Connect Secure installed on the remote host is 9.x or 22.x. It is, therefore, affected by multiple vulnerabilities: - A heap overflow vulnerability in IPSec component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure allows an unauthenticated malicious user to send specially...

CVSS 9.8 | AI score 7.5 | EPSS 0.18987
Exploits: 0 | References: 5

Redos
added 2024/04/02 12:0 a.m. | 36 views

ROS-20240402-14

Vulnerability of a VPN packet based on IPSec strongSwan protocol is caused by a bug in the charon-tkm process with the key exchange IKE protocol implementation based on TKMv2 Trusted Key Manager. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS 9.8 | AI score 7.7 | EPSS 0.0229
Exploits: 0

OSV
added 2024/04/01 4:15 p.m. | 1 view

CVE-2024-30861

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/configguide/ipsecguide1.php...

CVSS 5.3 | AI score 5.8
Exploits: 0 | References: 1

CNNVD
added 2024/04/01 12:0 a.m. | 2 views

NetentSec NS-ASG Security Vulnerability

NetentSec NS-ASG is an application security gateway from China NetentSec. A security vulnerability exists in NetentSec NS-ASG version 6.3, which originates from an SQL injection vulnerability in the file /admin/configguide/ipsecguide1.php...

CVSS 5.3 | AI score 7.9 | EPSS 0.00448
Exploits: 1 | References: 2

OSV
added 2024/03/28 5:27 p.m. | 22 views

GHSA-PWQM-X5X6-5586 Cilium has insecure IPsec transport encryption

Impact Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to the following attacks by a man-in-the-middle attacker: - Chosen plaintext attacks - Key recovery attacks -...

CVSS 8 | AI score 8 | EPSS 0.00172
Exploits: 0 | References: 8

Github Security Blog
added 2024/03/28 5:27 p.m. | 31 views

Cilium has insecure IPsec transport encryption

Impact Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to the following attacks by a man-in-the-middle attacker: - Chosen plaintext attacks - Key recovery attacks -...

CVSS 8 | AI score 7 | EPSS 0.00172
Exploits: 0 | References: 8 | Affected Software: 1

Virtuozzo
added 2024/03/28 12:0 a.m. | 25 views

Virtuozzo Hybrid Infrastructure 6.1 (6.1.0-238)

In this release, Virtuozzo Hybrid Infrastructure introduces a new service, Backup and Restore as a Service, and provides a range of new features that cover improvements in the compute services and object storage. Additionally, this release delivers stability and security improvements, an...

AI score 7.3
Exploits: 0

NVD
added 2024/03/27 7:15 p.m. | 20 views

CVE-2024-28860

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key...

CVSS 8 | AI score 7.6 | EPSS 0.00172
Exploits: 0 | References: 5

Vulnrichment
added 2024/03/27 6:34 p.m. | 26 views

CVE-2024-28860 Insecure IPsec transport encryption in Cilium

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key...

CVSS 8 | AI score 7.6 | EPSS 0.00172
Exploits: 0 | References: 5