Missing Encryption Of Sensitive Data

Cilium is vulnerable to Missing Encryption of Sensitive Data. The vulnerability is due to missing encryption in IPsec-eligible traffic between a node's Envoy proxy/DNS proxy and pods on other nodes, when traffic matches Layer 7 policies. This issue can expose sensitive data as it travels between...

[SECURITY] Fedora 38 Update: libreswan-4.14-1.fc38

Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...

[SECURITY] Fedora 39 Update: libreswan-4.14-1.fc39

Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...

RHEL 8 : kernel (RHSA-2024:1367)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1367 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: vmwgfx: NULL pointer dereferen...

CVE-2024-28249

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sen...

CVE-2024-28249

Cilium CVE-2024-28249 : In clusters with IPsec enabled and Layer 7 policies, IPsec-eligible traffic between a node’s Envoy proxy and pods on other nodes, and between a node’s DNS proxy and pods on other nodes, is sent unencrypted. This affects versions prior to 1.13.13, 1.14.8, and 1.15.2. The is...

CVE-2024-28249 Cilium has possible unencrypted traffic between nodes when using IPsec and L7 policies

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sen...

CVE-2024-28249 Cilium has possible unencrypted traffic between nodes when using IPsec and L7 policies

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sen...

GHSA-J89H-QRVR-XC36 Unencrypted traffic between nodes when using IPsec and L7 policies

Impact In Cilium clusters with IPsec enabled and traffic matching Layer 7 policies: - Traffic that should be IPsec-encrypted between a node's Envoy proxy and pods on other nodes is sent unencrypted - Traffic that should be IPsec-encrypted between a node's DNS proxy and pods on other nodes is sent...

Unencrypted traffic between nodes when using IPsec and L7 policies

Impact In Cilium clusters with IPsec enabled and traffic matching Layer 7 policies: - Traffic that should be IPsec-encrypted between a node's Envoy proxy and pods on other nodes is sent unencrypted - Traffic that should be IPsec-encrypted between a node's DNS proxy and pods on other nodes is sent...

CVE-2024-22396

An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service DoS and potentially execute arbitrary code by sending a specially crafted IKEv2 payload...

Integer overflow

An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service DoS and potentially execute arbitrary code by sending a specially crafted IKEv2 payload...

CVE-2024-22396

CVE-2024-22396 describes an integer-based buffer overflow in SonicOS when processing IPSec IKEv2 payloads. The vulnerability is exploitable remotely under specific conditions, potentially causing Denial of Service and, in the worst case, arbitrary code execution. The affected component is SonicOS...

CVE-2024-22396

An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service DoS and potentially execute arbitrary code by sending a specially crafted IKEv2 payload...

RHEL 8 : kernel-rt (RHSA-2024:1269)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1269 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

RHEL 8 : kernel (RHSA-2024:1268)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1268 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nftables:...

CVE-2023-33086

CVE-2023-33086 affects Qualcomm closed‑source components. The issue is a transient Denial of Service when processing multiple IKEV2 Informational Requests from an IPsec server with different identifiers, leading to high impact on availability. CVSS 3.1 base score 7.5 (Network, Low attack complexi...

CentOS 9 : libreswan-4.12-1.el9

The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the libreswan-4.12-1.el9 build changelog. - An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 ...

MikroTik RouterOs Reachable Assertion (CVE-2020-20262)

Mikrotik RouterOs before 6.47 stable tree suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. This plugin only works with Tenable.ot. Plea...

RHEL 8 : kernel-rt (RHSA-2024:0881)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0881 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...