2805 matches found
PT-2023-30300 · Stormshield · Stormshield Network Security
Name of the Vulnerable Software and Affected Versions: Stormshield Network Security (SNS) versions 4.3.13 through 4.3.22; Stormshield Network Security (SNS) versions 4.6.0 through 4.6.9; Stormshield Network Security (SNS) versions 4.7.0 through 4.7.1. Description: An issue was discovered in Stormshield...
USN-6488-2: strongSwan vulnerability
USN-6488-1 fixed a vulnerability in strongSwan. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Florian Picca discovered that strongSwan incorrectly handled certain DH public values. A remote attacker could use this issue to cau...
PT-2023-8710 · Zyxel · Zyxel Atp Series +3
Name of the Vulnerable Software and Affected Versions: Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1; Zyxel USG FLEX series firmware versions from 4.50 through 5.37 Patch 1; Zyxel USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1; Zyxel USG20W-VPN series firmwa...
CVE-2023-49692
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V7.2.2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V7.2.2, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V7.2.2, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V7.2.2,...
CVE-2023-49692
CVE-2023-49692 describes an OS command injection in Siemens SCALANCE/M-800 family and RUGGEDCOM devices via improper neutralization of special elements in IPSEC configuration parsing. Affected products span RUGGEDCOM RM1224 LTE (EU/NAM) and multiple SCALANCE M models (M804PB, M812-1, M816-1, M826...
Security Bulletin: Vulnerability in IPSec-Tools affects IBM Integrated Management Module II (IMM2)
Summary: IBM Integrated Management Module II (IMM2) has addressed the following vulnerability in IPSec-Tools. Vulnerability Details: CVEID: CVE-2016-10396. DESCRIPTION: IPsec-Tools is vulnerable to a denial of service, caused by a flaw in the racoon daemon. By repeatedly sending ISAKMP fragment packet...
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerability in IPsec-Tools (CVE-2016-10396)
Summary: IBM Flex System Chassis Management Module (CMM) has addressed the following vulnerability in IPsec-Tools. Vulnerability Details: CVEID: CVE-2016-10396. DESCRIPTION: IPsec-Tools is vulnerable to a denial of service, caused by a flaw in the racoon daemon. By repeatedly sending ISAKMP fragment...
Zyxel USG / ATP / VPN < 5.37 Multiple Vulnerabilities
Firmware version of the Zyxel USG, ATP, or VPN is less than 5.37. This means the Zyxel device is vulnerable to the following: - An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions on a...
CVE-2023-4398
An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series...
Integer overflow
An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series...
CVE-2023-4398
The CVE-2023-4398 issue is an integer overflow in the QuickSec IPSec toolkit used by Zyxel device VPN features (ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, and VPN series). An unauthenticated attacker can trigger DoS by sending a crafted IKE packet, as documented in the affected firmware ranges ...
Oracle Linux 8 : libreswan (ELSA-2023-7052)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-7052 advisory. - Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712 Tenable has extracted the preceding description block directly from the Oracle...
USN-6488-1: strongSwan vulnerability
Florian Picca discovered that strongSwan incorrectly handled certain DH public values. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code...
Fortinet FortiClient Hardcoding Vulnerability
Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A hard-coded vulnerability exists in Fortinet FortiClien...
Oracle Linux 9 : libreswan (ELSA-2023-6549)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-6549 advisory. - Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712 - Just bumping up the version to include bugs for CVE-2023-2295. There is no cod...
Rockwell Automation Stratix Cisco IOS Software IPsec Denial of Service (CVE-2014-3299)
A vulnerability in IPsec processing of Cisco IOS Software could allow an authenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper processing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec...