319 matches found
libreswan: DoS attack via malicious IKEv1 informational exchange message
An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. An unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash...
Denial Of Service (DoS)
openswan is vulnerable to denial of service DoS. The vulnerability exists as a use-after-free flaw was found in the way Openswan's pluto IKE daemon used cryptographic helpers. A remote, authenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon. This issue...
Denial Of Service (DoS)
openswan is vulnerable to denial of service DoS. The vulnerability exists through the way Openswan's pluto IKE daemon processed some fields of X.509 certificates. A remote attacker could provide a specially-crafted X.509 certificate that would crash the pluto daemon...
Denial Of Service (DoS)
openswan is vulnerable to denial of service DoS. The vulnerability exists as a flaw in the Dead Peer Detection DPD in Openswan's pluto IKE daemon. A remote attacker could use a malicious DPD packet to crash the pluto daemon...
CVE-2019-12312
In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKESAINIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKEAUTH exchange. This affects...
libreswan: null-pointer dereference by sending two IKEv2 packets
In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKESAINIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKEAUTH exchange. This affects...
ABB Pluto Manager has a dll hijacking vulnerability
The ABB Group is a global leader in power and automation technology and is committed to providing solutions for customers in the industrial and power sectors. ABB Pluto Manager suffers from a dll hijacking vulnerability that can be exploited by attackers to load a malicious dll and execute...
Apache Pluto Web Interface Detection
Binary data apacheplutodetect.nbin...
DEBIAN-CVE-2019-12312
In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKESAINIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKEAUTH exchange. This affects...
CVE-2019-12312
In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKESAINIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKEAUTH exchange. This affects...
CVE-2019-12312
In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKESAINIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKEAUTH exchange. This affects...
CVE-2019-12312
In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKESAINIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKEAUTH exchange. This affects...
CVE-2019-12312
In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKESAINIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKEAUTH exchange. This affects...
CVE-2019-12312
In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKESAINIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKEAUTH exchange. This affects...
CVE-2019-12312
CVE-2019-12312 affects Libreswan 3.27, where an assertion failure in send_v2N_spi_response_from_state (ikev2_send.c) can be triggered by an IKEv2 SA_INIT followed by a bogus INFORMATIONAL exchange, causing a NULL pointer dereference and a restart of the pluto IKE daemon. The issue is documented a...
Cross-site Scripting (XSS)
Apache Pluto Portal is vulnerable to cross-site scripting XSS attack. The input fields to construct a resource URL of the Chat Room are not sanitized properly, allowing an attacker to inject arbitrary script through it...
Apache Pluto Chat Room Demo Portlet Persistent Cross-Site Scripting (CVE-2019-0186)
A cross site scripting vulnerability exists in Apache Pluto. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2019-0186
The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting XSS attacks. Mitigation: Uninstall the ChatRoomDemo war file - or - migrate to version 3.1.0 of the chat-room-demo war file...
CVE-2019-0186
The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting XSS attacks. Mitigation: Uninstall the ChatRoomDemo war file - or - migrate to version 3.1.0 of the chat-room-demo war file...
Cross site scripting
The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting XSS attacks. Mitigation: Uninstall the ChatRoomDemo war file - or - migrate to version 3.1.0 of the chat-room-demo war file...