
2805 matches found

Vulnrichment
added 2023/09/07 7:29 p.m. | 14 views

CVE-2023-20193

A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. To exploit this vulnerability, an attacker must have valid...

CVSS 6 | AI score 6.9 | EPSS 0.00185
Exploits 0 | References 1

Tenable Nessus
added 2023/09/07 12:0 a.m. | 35 views

Oracle Linux 8 : unbound (ELSA-2020-1716)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1716 advisory. - CVE-2019-18934 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for thi...

CVSS 7.3 | AI score 6.7 | EPSS 0.03212
Exploits 1 | References 2

OpenVAS
added 2023/09/05 12:0 a.m. | 37 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2023-2637)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.7 | AI score 7.7 | EPSS 0.02733
Exploits 2 | References 2

OSV
added 2023/08/25 9:15 p.m. | 28 views

CVE-2023-38710

An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets...

CVSS 6.5 | AI score 7.3 | EPSS 0.00691
Exploits 0 | References 2

OSV
added 2023/08/25 9:15 p.m. | 4 views

AZL-28064 CVE-2023-38710 affecting package libreswan for versions less than 4.7-5

An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets...

CVSS 6.5 | AI score 6.6 | EPSS 0.00691
Exploits 0 | References 1

Prion
added 2023/08/25 9:15 p.m. | 17 views

Code injection

An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets...

CVSS 4 | AI score 7.3 | EPSS 0.00691
Exploits 0 | References 2 | Affected Software 1

OSV
added 2023/08/25 9:15 p.m. | 1 view

UBUNTU-CVE-2023-38710

An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets...

CVSS 6.5 | AI score 6.6 | EPSS 0.00691
Exploits 0 | References 4

CNNVD
added 2023/08/25 12:0 a.m. | 3 views

Libreswan Security Vulnerability

Libreswan is an IPsec implementation similar to Openswan, mainly used to ensure the security and integrity of data in transit. A security vulnerability exists in Libreswan versions prior to 4.12, which stems from an error notification INVALID_SPI being sent in a renegotiation REKEY...

CVSS 6.5 | AI score 6.4 | EPSS 0.00691
Exploits 0 | References 3

CVE
added 2023/08/25 12:0 a.m. | 111 views

CVE-2023-38710

CVE-2023-38710 affects Libreswan prior to 4.12. The issue occurs when an IKEv2 Child SA REKEY packet carries an invalid IPsec protocol ID (0 or 1); the notify payload copies the ID but the outgoing verify code asserts that the protocol ID must be ESP (2) or AH (3), causing the pluto daemon to cra...

CVSS 6.5 | AI score 6.5 | EPSS 0.00691
Exploits 0 | References 2 | Affected Software 1

Debian CVE
added 2023/08/25 12:0 a.m. | 18 views

CVE-2023-38710

An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets...

CVSS 6.5 | AI score 6.5 | EPSS 0.00691
Exploits 0

Virtuozzo
added 2023/08/21 12:0 a.m. | 41 views

[Important] [Security] Virtuozzo ReadyKernel Patch 159.0 for Virtuozzo Hybrid Server 7.5

The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7.5. Vulnerability id: CVE-2023-3268 3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4 Out-of-bound memory access during reading relayfs...

CVSS 7.8 | AI score 6.9 | EPSS 0.00532
Exploits 2 | References 3

Fedora
added 2023/08/20 12:49 a.m. | 27 views

[SECURITY] Fedora 38 Update: libreswan-4.12-1.fc38

Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...

CVSS 6.5 | AI score 6.8 | EPSS 0.00691
Exploits 0

Fedora
added 2023/08/20 12:45 a.m. | 27 views

[SECURITY] Fedora 37 Update: libreswan-4.12-1.fc37

Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...

CVSS 6.5 | AI score 6.8 | EPSS 0.00691
Exploits 0

OpenVAS
added 2023/08/20 12:0 a.m. | 12 views

Fedora: Security Advisory for libreswan (FEDORA-2023-ddd6e6b49b)

The remote host is missing an update for the...

CVSS 6.5 | AI score 6.8 | EPSS 0.00691
Exploits 0 | References 2

OpenVAS
added 2023/08/20 12:0 a.m. | 22 views

Fedora: Security Advisory for libreswan (FEDORA-2023-dbc6d8a124)

The remote host is missing an update for the...

CVSS 6.5 | AI score 6.8 | EPSS 0.00691
Exploits 0 | References 2

Tenable Nessus
added 2023/08/15 12:0 a.m. | 45 views

SUSE SLES12 Security Update : docker (SUSE-SU-2023:3307-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3307-1 advisory. - Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, an...

CVSS 8.7 | AI score 7.2 | EPSS 0.02733
Exploits 2 | References 10

RedhatCVE
added 2023/08/09 5:49 a.m. | 35 views

CVE-2023-38710

An assertion failure flaw was found in the Libreswan package that occurs when processing IKEv2 REKEY requests. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notification INVALID_SPI is sent back. The notify payload's protocol ID is copied from...

CVSS 6.5 | AI score 6.7 | EPSS 0.00691
Exploits 0 | References 5

Tenable Nessus
added 2023/07/26 12:0 a.m. | 27 views

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6247-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6247-1 advisory. David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in...

CVSS 7.8 | AI score 7.4 | EPSS 0.02163
Exploits 5 | References 7

NVD
added 2023/06/13 6:15 p.m. | 29 views

CVE-2023-1707

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6...

CVSS 7.5 | AI score 7.3 | EPSS 0.00867
Exploits 0 | References 1

Prion
added 2023/06/13 6:15 p.m. | 32 views

Information disclosure

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6...

CVSS 5 | AI score 7.3 | EPSS 0.00867
Exploits 0 | References 1 | Affected Software 1