Lucene search
K

2811 matches found

Cvelist
Cvelist
added 2018/04/18 2:0 p.m.21 views

CVE-2016-10455

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD...

7.9AI score0.00871EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/04/16 12:0 a.m.19 views

FreeBSD : ipsec-tools -- remotely exploitable computational-complexity attack (974a6d32-3fda-11e8-aea4-001b216d295b)

Robert Foggia via NetBSD GNATS reports : The ipsec-tools racoon daemon contains a remotely exploitable computational complexity attack when parsing and storing isakmp fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly...

7.8CVSS6.8AI score0.02928EPSS
Exploits0References3
Prion
Prion
added 2018/04/13 1:29 p.m.19 views

Design/Logic Flaw

When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. The attacker must possess the necessary...

6CVSS6.4AI score0.00922EPSS
Exploits0References1Affected Software13
NVD
NVD
added 2018/04/13 1:29 p.m.23 views

CVE-2017-6156

When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. The attacker must possess the necessary...

6.4CVSS6.4AI score0.00922EPSS
Exploits0References1
CVE
CVE
added 2018/04/13 1:0 p.m.61 views

CVE-2017-6156

CVE-2017-6156 affects F5 BIG-IP with wildcard IPsec tunnel endpoints. A remote attacker can disrupt or impersonate phase-1 IPsec tunnels for specific versions (12.1.0–12.1.1; 11.6.0–11.6.1; 11.5.1–11.5.5; 11.2.1) when credentials for phase-1 are present. Remediation per F5 advisory K05263202 is u...

6.4CVSS6.3AI score0.00922EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/04/13 1:0 p.m.28 views

CVE-2017-6156

When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. The attacker must possess the necessary...

6.4AI score0.00922EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2018/04/12 12:0 a.m.7 views

The vulnerability in the implementation of IPSec protocols on Windows operating systems allows a attacker to induce a service failure.

The vulnerability in the implementation of IPSec protocols on Windows operating systems arises from the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

7.1CVSS7.6AI score0.09024EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/04/10 3:34 a.m.5 views

Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation

The Linux kernel is vulerable to a use-after-free flaw when Transformation User configuration interfaceCONFIGXFRMUSER compile-time configuration were enabled. This vulnerability occurs while closing a xfrm netlink socket in xfrmdumppolicydone. A user/process could abuse this flaw to potentially...

7.8CVSS7.1AI score0.0215EPSS
Exploits3References4
CNVD
CNVD
added 2018/04/09 12:0 a.m.2 views

FreeBSD Denial of Service Vulnerability (CNVD-2018-07703)

FreeBSD is a set of Unix-like free operating systems in the FreeBSD project, headed by the Core Team team, and is an important branch of Unix-like systems that have evolved through BSD, 386BSD, and 4.4BSD. A security vulnerability exists in FreeBSD that stems from the length field of the ipsec...

7.8CVSS6.8AI score0.04377EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/04/06 12:0 a.m.31 views

FreeBSD : FreeBSD -- ipsec crash or denial of service (c0c5afef-38db-11e8-8b7f-a4badb2f469b)

The length field of the option header does not count the size of the option header itself. This causes a problem when the length is zero, the count is then incremented by zero, which causes an infinite loop. In addition there are pointer/offset mistakes in the handling of IPv4 options. Impact : A...

7.8CVSS7.3AI score0.04377EPSS
Exploits0References2
OSV
OSV
added 2018/04/04 2:29 p.m.8 views

CVE-2018-6918

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able ...

7.5CVSS6.8AI score0.04377EPSS
Exploits0References7
Prion
Prion
added 2018/04/04 2:29 p.m.19 views

Code injection

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able ...

7.8CVSS7.4AI score0.04377EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2018/04/04 2:29 p.m.16 views

CVE-2018-6918

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able ...

7.8CVSS7.5AI score0.04377EPSS
Exploits0References7
CVE
CVE
added 2018/04/04 2:0 p.m.77 views

CVE-2018-6918

CVE-2018-6918 affects FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8, and 10.3-RELEASE-p28. The/ipsec option header length field does not count the header size, causing an infinite loop when the length is zero. This can allow a remote attacker sending arbitrary packets ...

7.8CVSS7.5AI score0.04377EPSS
Exploits0References7Affected Software1
Debian CVE
Debian CVE
added 2018/04/04 2:0 p.m.24 views

CVE-2018-6918

Removed by vendor...

7.8CVSS7.6AI score0.04377EPSS
Exploits0
FreeBSD
FreeBSD
added 2018/04/04 12:0 a.m.33 views

FreeBSD -- ipsec crash or denial of service

Problem Description: The length field of the option header does not count the size of the option header itself. This causes a problem when the length is zero, the count is then incremented by zero, which causes an infinite loop. In addition there are pointer/offset mistakes in the handling of IPv...

7.8CVSS7.6AI score0.04377EPSS
Exploits0
FreeBSD Advisory
FreeBSD Advisory
added 2018/04/04 12:0 a.m.16 views

FreeBSD-SA-18:05.ipsec

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-18:05.ipsec Security Advisory The FreeBSD Project Topic: ipsec crash or denial of service Category: core Module: ipsec Announced: 2018-04-04 Credits: Maxime...

7.8CVSS7.3AI score0.04377EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/03/15 12:0 a.m.278 views

CentOS 6 : kernel (CESA-2018:0512) (Meltdown) (Spectre)

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

5.6CVSS7.6AI score0.93838EPSS
Exploits12References4
Tenable Nessus
Tenable Nessus
added 2018/03/15 12:0 a.m.30 views

FreeBSD : FreeBSD -- ipsec validation and use-after-free (dca7ced0-2796-11e8-95ec-a4badb2f4699)

Due to a lack of strict checking, an attacker from a trusted host can send a specially constructed IP packet that may lead to a system crash. Additionally, a use-after-free vulnerability in the AH handling code could cause unpredictable results. Impact : Access to out of bounds or freed mbuf data...

9.8CVSS8.3AI score0.02204EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2018/03/15 12:0 a.m.68 views

CentOS Update for kernel CESA-2018:0512 centos6

Check the version of kernel SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882855";...

5.6CVSS7.3AI score0.93838EPSS
Exploits12References2
Rows per page
Query Builder