1341 matches found
GHSA-6WRF-MXFJ-PF5P Docker Swarm encrypted overlay network with a single endpoint is unauthenticated
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby, is commonly referred to as Docker. Swarm Mode, which is...
Docker Swarm encrypted overlay network with a single endpoint is unauthenticated
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby, is commonly referred to as Docker. Swarm Mode, which is...
CVE-2023-28842 moby/moby's dockerd daemon encrypted overlay network with a single endpoint is unauthenticated
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby, is commonly referred to as Docker. Swarm Mode, which is...
CVE-2023-28842
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby, is commonly referred to as Docker. Swarm Mode, which is...
CVE-2023-28842
CVE-2023-28842 affects Moby/dockerd, specifically Swarm overlay with encrypted VXLAN: an endpoint on an encrypted overlay can be unauthenticated, allowing cleartext VXLAN traffic to be injected or leaked under certain conditions. The issue stems from how iptables rules and IPsec handling are appl...
Certain HP Enterprise LaserJet and HP LaserJet Managed printers - Potential information disclosure
Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6. Update the printer firmware...
Ubuntu 22.10 : Linux kernel (KVM) vulnerabilities (USN-5950-1)
The remote Ubuntu 22.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5950-1 advisory. It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain...
[SECURITY] Fedora 37 Update: strongswan-5.9.10-1.fc37
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel...
[SECURITY] Fedora 38 Update: strongswan-5.9.10-1.fc38
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel...
Use After Free
linux is vulnerable to Use After Free. The function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec contains the use after free vulnerability...
[SECURITY] [DSA 5368-1] libreswan security update
Debian Security Advisory DSA-5368-1, https://www.debian.org/security/, Salvatore Bonaccorso, March 03, 2023, https://www.debian.org/security/faq ...
K53648360: Linux kernel vulnerability CVE-2022-27666
Security Advisory Description: A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...
K05013313: IPsec vulnerability CVE-2015-4047
Security Advisory Description: racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. (CVE-2015-4047) Impact: When this vulnerability is exploited, the remote attacker may be able us...
K66782293: TMM vulnerability CVE-2021-23039
Security Advisory Description: When IPSec is configured on a BIG-IP system, undisclosed requests from an authorized remote IPSec peer, which already has a negotiated Security Association, can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2021-23039) Impact: Traffic is disrupted whil...
K65213626: Linux kernel vulnerability CVE-2020-25645
Security Advisory Description: A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel, allowing anyone between the two endpoints to read...
K05263202: BIG-IP IPsec tunnel endpoint vulnerability CVE-2017-6156
Security Advisory Description: When the BIG-IP system is configured with a wildcard IPsec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPsec negotiations. The attacker must possess the necessary credentials to negotiate the phase...
K10133477: BIG-IP IPsec IKE peer listener vulnerability CVE-2016-5736
Security Advisory Description: The anonymous IPsec IKE peer configuration object is present and enabled in the default configuration. The settings of the anonymous IPsec IKE peer object allow an arbitrary peer to establish IKE phase 1 without certificate validation or a pre-shared key which may...
K13167034: OpenSSL vulnerability CVE-2016-2183
Security Advisory Description: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack agains...