SUSE SLES15 Security Update : kernel (Live Patch 25 for SLE 15 SP3) (SUSE-SU-2022:4517-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4517-1 advisory. - A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function...

CVE-2022-3630

A memory leak flaw was found in the Linux kernel IPSec functionality. This issue could allow a local user to crash the system...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2022-10065)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-10065 advisory. - btrfs: Don't submit any btree write bio if the fs has errors Qu Wenruo Orabug: 31265340 CVE-2019-19377 - scsi: stex: Properly zero out the...

CVE-2022-23746

CVE-2022-23746 concerns brute-force vulnerability in the IPsec VPN blade SNX portal when configured for username/password authentication. The Red Hat, NVD, and other records consistently describe a credential-guessing flaw targeting the SNX portal; exploitation status is not detailed in the provi...

CVE-2022-23746

The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender SNX. If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords...

CVE-2022-3635

A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tsttimer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 ...

Tenda AC1200 Command Injection Vulnerability

Tenda AC1200 is a wireless router from Tenda, China.A command injection vulnerability exists in the IPsecLocalNet and IPsecRemoteNet parameters of the Tenda AC1200 setIPsecTunnelList function. An attacker can exploit this vulnerability to perform command injection...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5728-2)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5728-2 advisory. Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading t...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:4053-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4053-1 advisory. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. Th...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5729-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5729-1 advisory. It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could...

Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-5727-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5727-1 advisory. It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could...

CVE-2022-41396

Tenda AC1200 Router Model W15Ev2 V15.11.0.101576 was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet parameters...

Command injection

Tenda AC1200 Router Model W15Ev2 V15.11.0.101576 was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet parameters...

CVE-2022-41396

CVE-2022-41396 affects Tenda AC1200 Router Model W15Ev2, specifically the setIPsecTunnelList function where command injection is possible via the IPsecLocalNet and IPsecRemoteNet parameters. The issue is documented across multiple sources (NVD/NVD-derived entries and CNVD/CNNVD mirrors) with CVSS...

[SECURITY] Fedora 37 Update: strongswan-5.9.8-1.fc37

The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel...

Fedora: Security Advisory for strongswan (FEDORA-2022-11bf2b2597)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: strongswan-5.9.8-1.fc36

The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel...

Linux kernel has unspecified vulnerabilities (CNVD-2022-72081)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to a security flaw that affects the function rlbarpxmit in the component IPsec's file drivers/net/bonding/bondalb.c. This operation leads to a memory leak. leak. No details of...

Linux kernel resource management error vulnerability (CNVD-2022-72083)

The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux Kernel has a security vulnerability that affects the functions devlinkparamset/devlinkparamget in the component IPsec's file net/core/devlink.c. The operation leads to free post-use. No details...

Linux kernel resource management error vulnerability (CNVD-2022-72084)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that affects the function tsttimer in the component IPsec's file drivers/atm/idt77252.c. The operation leads to free post-use. No details of the vulnerability ar...