2812 matches found
CVE-2022-27666
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...
CVE-2022-27666
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...
CVE-2022-27666
CVE-2022-27666 describes a heap buffer overflow in IPsec ESP transformation code (net/ipv4/esp4.c and net/ipv6/esp6.c) that can allow a local user to overwrite kernel heap objects and may lead to local privilege escalation. Connected advisories confirm kernel patches are available (e.g., AlmaLinu...
CVE-2022-27666
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...
CVE-2022-0886
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. Mitigation The given exploit needs...
PT-2022-1992 · Linux +10 · Linux Kernel +10
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.16.15 Linux kernel versions prior to 5.17 Description: A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a...
CVE-2022-24170
Tenda routers G1 and G3 v15.11.0.179502CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters...
CVE-2022-24170
Tenda routers G1 and G3 v15.11.0.179502CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters...
CVE-2022-24170
CVE-2022-24170 affects Tenda G1 and G3 routers with version 15.11.0.17(9502)_CN. The vulnerability is a command injection in the function formSetIpSecTunnel, allowing an attacker to execute arbitrary commands through the IPsecLocalNet and IPsecRemoteNet parameters. The available connected sources...
CVE-2022-24170
Tenda routers G1 and G3 v15.11.0.179502CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters...
[SECURITY] Fedora 35 Update: strongswan-5.9.5-2.fc35
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel...
[SECURITY] Fedora 34 Update: strongswan-5.9.5-2.fc34
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel...
Fedora: Security Advisory for strongswan (FEDORA-2022-0e87c7994f)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Tenda G1 and G3 命令注入漏洞
Tenda G1 and G3 is a router from Tenda, China. Tenda G1 and G3 v15.11.0.179502CN is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters...
UBUNTU-CVE-2022-0286
A flaw was found in the Linux kernel. A null pointer dereference in bondipsecaddsa may lead to local denial of service...
Mageia: Security Advisory (MGASA-2018-0010)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2015-0243)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-23024
On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.2, and all versions of 13.1.x, when the IPsec application layer gateway ALG logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic Management Microkernel T...
CVE-2022-23024
On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.2, and all versions of 13.1.x, when the IPsec application layer gateway ALG logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic Management Microkernel T...
Code injection
On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.2, and all versions of 13.1.x, when the IPsec application layer gateway ALG logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic Management Microkernel T...