Lucene search
K

2812 matches found

UbuntuCve
UbuntuCve
added 2022/03/23 6:15 a.m.47 views

CVE-2022-27666

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...

7.8CVSS7AI score0.05524EPSS
Exploits2References11
Cvelist
Cvelist
added 2022/03/23 5:7 a.m.35 views

CVE-2022-27666

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...

8.2AI score0.05524EPSS
Exploits2References5
CVE
CVE
added 2022/03/23 5:7 a.m.431 views

CVE-2022-27666

CVE-2022-27666 describes a heap buffer overflow in IPsec ESP transformation code (net/ipv4/esp4.c and net/ipv6/esp6.c) that can allow a local user to overwrite kernel heap objects and may lead to local privilege escalation. Connected advisories confirm kernel patches are available (e.g., AlmaLinu...

7.8CVSS8AI score0.05524EPSS
Exploits2References5Affected Software1
Debian CVE
Debian CVE
added 2022/03/23 5:7 a.m.63 views

CVE-2022-27666

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...

7.8CVSS7AI score0.05524EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2022/03/11 6:41 p.m.55 views

CVE-2022-0886

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. Mitigation The given exploit needs...

1AI score
Exploits2References2
Positive Technologies
Positive Technologies
added 2022/03/07 12:0 a.m.7 views

PT-2022-1992 · Linux +10 · Linux Kernel +10

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.16.15 Linux kernel versions prior to 5.17 Description: A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a...

9.8CVSS7.2AI score0.67994EPSS
Exploits201References1307
NVD
NVD
added 2022/02/04 2:15 a.m.21 views

CVE-2022-24170

Tenda routers G1 and G3 v15.11.0.179502CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters...

9.8CVSS0.02956EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/02/04 2:15 a.m.5 views

CVE-2022-24170

Tenda routers G1 and G3 v15.11.0.179502CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters...

9.8CVSS7.6AI score0.02956EPSS
Exploits1References2
CVE
CVE
added 2022/02/04 1:32 a.m.68 views

CVE-2022-24170

CVE-2022-24170 affects Tenda G1 and G3 routers with version 15.11.0.17(9502)_CN. The vulnerability is a command injection in the function formSetIpSecTunnel, allowing an attacker to execute arbitrary commands through the IPsecLocalNet and IPsecRemoteNet parameters. The available connected sources...

9.8CVSS10AI score0.02956EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/02/04 1:32 a.m.21 views

CVE-2022-24170

Tenda routers G1 and G3 v15.11.0.179502CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters...

10AI score0.02956EPSS
Exploits1References1
Fedora
Fedora
added 2022/02/04 1:23 a.m.31 views

[SECURITY] Fedora 35 Update: strongswan-5.9.5-2.fc35

The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel...

9.1CVSS2AI score0.02761EPSS
Exploits0
Fedora
Fedora
added 2022/02/04 1:23 a.m.34 views

[SECURITY] Fedora 34 Update: strongswan-5.9.5-2.fc34

The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel...

9.1CVSS2AI score0.02761EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/02/04 12:0 a.m.12 views

Fedora: Security Advisory for strongswan (FEDORA-2022-0e87c7994f)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.1CVSS9.3AI score0.02761EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/02/03 12:0 a.m.6 views

Tenda G1 and G3 命令注入漏洞

Tenda G1 and G3 is a router from Tenda, China. Tenda G1 and G3 v15.11.0.179502CN is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters...

9.8CVSS6.1AI score0.02956EPSS
Exploits1References2
OSV
OSV
added 2022/01/31 4:15 p.m.2 views

UBUNTU-CVE-2022-0286

A flaw was found in the Linux kernel. A null pointer dereference in bondipsecaddsa may lead to local denial of service...

5.5CVSS6.6AI score0.00531EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.16 views

Mageia: Security Advisory (MGASA-2018-0010)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.9CVSS7.7AI score0.02928EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.14 views

Mageia: Security Advisory (MGASA-2015-0243)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.6AI score0.09877EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/01/25 8:15 p.m.7 views

CVE-2022-23024

On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.2, and all versions of 13.1.x, when the IPsec application layer gateway ALG logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic Management Microkernel T...

7.5CVSS5.8AI score0.00904EPSS
Exploits0References2
NVD
NVD
added 2022/01/25 8:15 p.m.23 views

CVE-2022-23024

On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.2, and all versions of 13.1.x, when the IPsec application layer gateway ALG logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic Management Microkernel T...

7.5CVSS0.00904EPSS
Exploits0References1
Prion
Prion
added 2022/01/25 8:15 p.m.18 views

Code injection

On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.2, and all versions of 13.1.x, when the IPsec application layer gateway ALG logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic Management Microkernel T...

4.3CVSS7.5AI score0.00904EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder