2811 matches found

Cvelist
added 2017/05/18 6:13 a.m. · 20 views

CVE-2017-8338

A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 used for L2TP over IPsec, preventing the affected router from accepting new connections; all devices will be disconnected from the router a...

AI score 7.5 · EPSS 0.04207
Exploits 1 · References 4
myhack58
added 2017/05/03 12:00 a.m. · 114 views

PWN2OWN 2017 Linux kernel privilege escalation vulnerability analysis - vulnerability warning - the black bar safety net

0. Foreword: At the 2017 PWN2OWN contest, Chaitin Security Research Lab successfully demonstrated local privilege escalation on Ubuntu 16.10 Desktop. This attack mainly exploits, in the Linux kernel IPSEC framework (supported since Linux 2.6), a memory bounds...

CVSS 7.2 · AI score 7.5 · EPSS 0.01902
Exploits 4
Tenable Nessus
added 2017/05/01 12:00 a.m. · 61 views

EulerOS 2.0 SP1 : python (EulerOS-SA-2016-1090)

According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximate...

CVSS 7.5 · AI score 7.1 · EPSS 0.95707
Exploits 7 · References 2
Hacker One
added 2017/04/25 4:58 a.m. · 17 views

Weblate: demo.weblate.org is vulnerable to SWEET32 Vulnerability

Cryptographic protocols like TLS, SSH, IPsec, and OpenVPN commonly use block cipher algorithms, such as AES, Triple-DES, and Blowfish, to encrypt data between clients and servers. To use such algorithms, the data is broken into fixed-length chunks, called blocks, and each block is encrypted...

AI score 2.3
Exploits 0
Tenable Nessus
added 2017/04/25 12:00 a.m. · 30 views

Cisco ASA Software IPsec Packet Handling DoS (cisco-sa-20170419-asa-ipsec)

According to its self-reported version and configuration, the Cisco Adaptive Security Appliance ASA software running on the remote device is affected by a denial of service vulnerability in the IPsec code due to improper parsing of malformed IPsec packets. An authenticated, remote attacker can...

CVSS 7.7 · AI score 7.4 · EPSS 0.02842
Exploits 0 · References 3
NVD
added 2017/04/20 10:59 p.m. · 16 views

CVE-2017-6609

A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec packets ...

CVSS 7.7 · AI score 7.6 · EPSS 0.02842
Exploits 0 · References 3
Prion
added 2017/04/20 10:59 p.m. · 27 views

Design/Logic Flaw

A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec packets ...

CVSS 6.8 · AI score 7.5 · EPSS 0.02842
Exploits 0 · References 3 · Affected Software 1
CVE
added 2017/04/20 10:00 p.m. · 69 views

CVE-2017-6609

CVE-2017-6609 affects Cisco ASA Software IPsec handling. The vulnerability stems from improper parsing of malformed IPsec packets in the IPsec code, requiring an authenticated, remote attacker to establish a valid IPsec tunnel and send crafted traffic to the affected system. Exploitation can caus...

CVSS 7.7 · AI score 7.6 · EPSS 0.02842
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2017/04/20 10:00 p.m. · 22 views

CVE-2017-6609

A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec packets ...

AI score 7.6 · EPSS 0.02842
Exploits 0 · References 3
OpenVAS
added 2017/04/20 12:00 a.m. · 26 views

Cisco ASA Software IPsec Denial of Service Vulnerability (cisco-sa-20170419-asa-ipsec)

A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. Copyright (C) 2017 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right...

CVSS 7.7 · AI score 7.6 · EPSS 0.02842
Exploits 0 · References 1
Cisco
added 2017/04/19 4:00 p.m. · 33 views

Cisco ASA Software IPsec Denial of Service Vulnerability

A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec packets ...

CVSS 7.7 · AI score 7.6 · EPSS 0.02842
Exploits 0 · References 1
Positive Technologies
added 2017/04/19 12:00 a.m. · 5 views

PT-2017-17180 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco ASA Software versions prior to 9.17.8; Cisco ASA Software versions prior to 9.24.15; Cisco ASA Software versions prior to 9.44; Cisco ASA Software versions prior to 9.53.2; Cisco ASA Software versions prior to 9.62. Description: A...

CVSS 7.7 · AI score 7.4 · EPSS 0.02842
Exploits 0 · References 5
Microsoft CVE
added 2017/04/11 7:00 a.m. · 24 views

Windows IPSec Denial of Service Vulnerability

A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate...

CVSS 5.8 · AI score 3.5 · EPSS 0.04727
Exploits 0
Tenable Nessus
added 2017/03/20 12:00 a.m. · 52 views

SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2017:0719-1)

This update for java-1_7_1-ibm fixes the following issues: Security issue fixed: CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for...

CVSS 7.5 · AI score 7 · EPSS 0.95707
Exploits 7 · References 4
Tenable Nessus
added 2017/03/20 12:00 a.m. · 90 views

SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2017:0720-1)

This update for java-1_7_1-ibm fixes the following issues: Security issue fixed: CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for...

CVSS 7.5 · AI score 7 · EPSS 0.95707
Exploits 7 · References 4
Prion
added 2017/02/27 7:59 a.m. · 13 views

Code injection

The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and...

CVSS 4.3 · AI score 5.7 · EPSS 0.00743
Exploits 1 · References 2 · Affected Software 1
NVD
added 2017/02/27 7:59 a.m. · 18 views

CVE-2017-6297

The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and...

CVSS 5.9 · AI score 5.7 · EPSS 0.00743
Exploits 1 · References 2
CVE
added 2017/02/27 7:25 a.m. · 67 views

CVE-2017-6297

The CVE-2017-6297 entry concerns MikroTik RouterOS L2TP Client in versions 6.83.3 and 6.37.4. The vulnerability arises because IPsec encryption is not enabled after a reboot, enabling man-in-the-middle attackers to view unencrypted data and potentially access networks on the L2TP server by monito...

CVSS 5.9 · AI score 5.6 · EPSS 0.00743
Exploits 1 · References 2 · Affected Software 1
Prion
added 2017/02/08 4:59 p.m. · 20 views

Information disclosure

The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption...

CVSS 4.3 · AI score 6.9 · EPSS 0.01423
Exploits 0 · References 2 · Affected Software 1
NVD
added 2017/02/08 4:59 p.m. · 20 views

CVE-2016-8492

The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption...

CVSS 5.9 · AI score 5.7 · EPSS 0.01423
Exploits 0 · References 2