
1341 matches found

F5 Networks
added 2023/02/21 6:46 p.m., 20 views

K54892865: BIG-IP AFM vulnerability CVE-2022-23024

Security Advisory Description: When the IPsec application layer gateway (ALG) logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2022-23024) Impact: Traffic is disrupted while the TMM process...

CVSS 7.5 | AI score 7.4 | EPSS 0.0089
Exploits: 0 | Affected Software: 1
F5 Networks
added 2023/02/21 6:35 p.m., 49 views

K11155549: IPSEC vulnerability CVE-2019-14899

Security Advisory Description: A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine...

CVSS 7.4 | AI score 7.5 | EPSS 0.00838
Exploits: 0
F5 Networks
added 2023/02/21 6:35 p.m., 51 views

K02186513: Linux kernel vulnerability CVE-2020-1749

Security Advisory Description: A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link;...

CVSS 7.5 | AI score 6.3 | EPSS 0.01229
Exploits: 0 | Affected Software: 1
F5 Networks
added 2023/02/21 6:33 p.m., 33 views

K42378447: IPsec IKEv1 vulnerability CVE-2018-5389

Security Advisory Description: The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known that the aggressive mode of IKEv1...

CVSS 5.9 | AI score 6.1 | EPSS 0.03038
Exploits: 1
Tenable Nessus
added 2023/02/18 12:0 a.m., 58 views

Slackware Linux 15.0 kernel-generic Multiple Vulnerabilities (SSA:2023-048-01)

The version of kernel-generic installed on the remote host is prior to 5.15.94 / 5.15.94smp. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-048-01 advisory. - A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fa...

CVSS 8 | AI score 6.7 | EPSS 0.71737
Exploits: 13 | References: 26
SUSE CVE
added 2023/02/15 4:17 a.m., 2 views

SUSE CVE-2019-5719

In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block...

CVSS 5.3 | AI score 7.5 | EPSS 0.00765
Exploits: 1 | References: 8
SUSE CVE
added 2023/02/15 3:26 a.m., 7 views

SUSE CVE-2022-27666

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...

CVSS 7.7 | AI score 7.1 | EPSS 0.04534
Exploits: 2 | References: 40
Tenable Nessus
added 2023/02/13 12:0 a.m., 36 views

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2023-12116)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12116 advisory. - netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits (Pablo Neira Ayuso) [Orabug: 34978152] {CVE-2023-0179} Tenable has extract...

CVSS 7.8 | AI score 6.9 | EPSS 0.01944
Exploits: 6 | References: 5
Tenable Nessus
added 2023/02/13 12:0 a.m., 35 views

Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2023-12120)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12120 advisory. - netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits (Pablo Neira Ayuso) [Orabug: 34978152] {CVE-2023-0179} Tenable has extracted t...

CVSS 7.8 | AI score 6.9 | EPSS 0.01944
Exploits: 6 | References: 5
Tenable Nessus
added 2023/02/09 12:0 a.m., 61 views

Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5859-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5859-1 advisory. Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker coul...

CVSS 7.8 | AI score 7.4 | EPSS 0.01944
Exploits: 5 | References: 5
Tenable Nessus
added 2023/02/09 12:0 a.m., 41 views

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5858-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5858-1 advisory. Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker coul...

CVSS 7.8 | AI score 7.4 | EPSS 0.01944
Exploits: 5 | References: 5
OpenVAS
added 2023/02/09 12:0 a.m., 21 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-1345)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.1 | AI score 6.7 | EPSS 0.00344
Exploits: 0 | References: 2
Prion
added 2023/01/13 12:15 a.m., 23 views

Design/Logic Flaw

An Improper Check or Handling of Exceptional Conditions vulnerability in the IPsec library of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). On all MX platforms with MS-MPC or MS-MIC card, when specific IPv4 packets are processed by an...

CVSS 5 | AI score 7.5 | EPSS 0.00644
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/01/12 12:0 a.m., 72 views

CVE-2023-22413

CVE-2023-22413 affects Juniper Networks Junos OS on MX Series with MS-MPC or MS-MIC, where an IPsec6 tunnel can trigger the Multiservices PIC Management Daemon (mspmand) to core and restart when processing specific IPv4 packets. This causes an FPC crash and impacts traffic while mspmand restarts,...

CVSS 7.5 | AI score 7.6 | EPSS 0.00644
Exploits: 0 | References: 1 | Affected Software: 1
OpenVAS
added 2023/01/09 12:0 a.m., 28 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-1102)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8 | AI score 8.2 | EPSS 0.02211
Exploits: 3 | References: 3
Tenable Nessus
added 2023/01/06 12:0 a.m., 42 views

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2023-1126)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in...

CVSS 8.8 | AI score 4.7 | EPSS 0.03763
Exploits: 5 | References: 19
Tenable Nessus
added 2023/01/05 12:0 a.m., 45 views

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2023-1037)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file...

CVSS 8 | AI score 4.8 | EPSS 0.03651
Exploits: 6 | References: 27
NVD
added 2023/01/01 9:15 a.m., 9 views

CVE-2018-25062

A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x on Nexus 9. Affected is the function xfrm_dump_policy_done of the file net/xfrm/xfrm_user.c of the component ipsec. The manipulation leads to denial of service. Upgrading to version 7.00 is able to address this...

CVSS 7.5 | AI score 5 | EPSS 0.00895
Exploits: 0 | References: 3
Cvelist
added 2023/01/01 8:15 a.m., 12 views

CVE-2018-25062 flar2 ElementalX ipsec xfrm_user.c xfrm_dump_policy_done denial of service

A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x on Nexus 9. Affected is the function xfrm_dump_policy_done of the file net/xfrm/xfrm_user.c of the component ipsec. The manipulation leads to denial of service. Upgrading to version 7.00 is able to address this...

CVSS 3.5 | AI score 7.6 | EPSS 0.00895
Exploits: 0 | References: 3
CVE
added 2023/01/01 8:15 a.m., 41 views

CVE-2018-25062

CVE-2018-25062 affects flar2 ElementalX up to 6.x on Nexus 9. The issue is in the ipsec component, specifically the function xfrm_dump_policy_done in net/xfrm/xfrm_user.c, whose manipulation can cause a denial of service. A fix is available: upgrade to ElementalX 7.00 (patch 1df72c9f0f61304437f4f...

CVSS 7.5 | AI score 5.6 | EPSS 0.00895
Exploits: 0 | References: 3 | Affected Software: 1