CVE-2021-23039

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.2.8, and all versions of 13.1.x and 12.1.x, when IPSec is configured on a BIG-IP system, undisclosed requests from an authorized remote IPSec peer, which already has a negotiated Security Association, can cause the Traffi...

The vulnerability of the cryptographic module of microprogramming software for Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows a perpetrator to trigger a service failure.

The vulnerability of the cryptographic module of microprogramming software for Cisco Adaptive Security Appliances ASA and Cisco Firepower Threat Defense FTD is related to errors in encryption and decryption processes. Exploiting this vulnerability can allow a malicious actor to cause service...

Wrong calcAsymmetricShare calculation

Handle @cmichelio Vulnerability details Vulnerability Details The inline-comment defines the number of asymmetric shares as u U 2 A^2 - 2 U u + U^2/U^3 but the Utils.calcAsymmetricShare function computes uA 2U^2 - 2uU + u^2 / U^3 which is not equivalent as can be seen from the A^2 term in the fir...

kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints

A flaw was found in the Linux kernel. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone in between the two endpoints to read the traffic unencrypted. The main threat from this...

The vulnerability in the implementation of IPSec protocols for the HiLCOS operating system in wireless access points OpenBAT and BAT450-F allows a hacker to circumvent firewall policies.

The vulnerability of the implementation of IPSec protocols in the HiLCOS operating system for wireless access points OpenBAT and BAT450-F is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to circumvent firewall policies from a remote...

The vulnerability of the IPSec tunnel of Cisco SD-WAN vBond Orchestrator, Cisco SD-WAN vEdge Cloud Routers, Cisco SD-WAN vEdge Routers, Cisco SD-WAN vSmart Controller, and the centralized network management system Cisco SD-WAN vManage allows a attacker to cause service interruptions.

The vulnerability of the IPSec tunnel of Cisco SD-WAN vBond Orchestrator, Cisco SD-WAN vEdge Cloud Routers, Cisco SD-WAN vEdge Routers, Cisco SD-WAN vSmart Controller, and the centralized network management system Cisco SD-WAN vManage is related to errors in processing IP packets passing through...

kernel: Buffer over-read in crypto_authenc_extractkeys() when a payload longer than 4 bytes is not aligned.

A buffer over-read flaw was found in cryptoauthencextractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash...

F5 BIG-IP Security Bypass Vulnerability

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A security bypass vulnerability exists in F5 BIG-IP, which can be exploited by an attacker to obtain sensitive information by...

DEBIAN-CVE-2020-25645

A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The...

kernel: some ipv6 protocols not encrypted over ipsec tunnel

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data...

PT-2020-3668

Name of the Vulnerable Software and Affected Versions Microsoft Windows Server versions prior to the fixed version Description An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon...

OPENSUSE-SU-2020:1086-1 Security update for knot

This update for knot fixes the following issues: - CVE-2017-11104: Fixed an improper implementation of TSIG protocol which could have allowed an attacker with a valid key name and algorithm to bypass TSIG authentication boo1047841...

CVE-2020-10282

The CVE-2020-10282 entry concerns MAVLink, where version 1.0 has no authentication or authorization, enabling identity spoofing, unauthorized access, and man-in-the-middle-style attacks on MAVLink-based UAV communications. Some sources note MAVLink 2.0 adds a basic authentication mechanism (e.g.,...

UBUNTU-CVE-2020-10769

A buffer over-read flaw was found in RH kernel versions before 5.0 in cryptoauthencextractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read...

Important: kernel-livepatch-4.14.173-137.229

Issue Overview: A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending...

USN-4388-1 linux-gke-5.0, linux-oem-osp1 vulnerabilities

It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information kernel memory. CVE-2020-0067 It was discovered that memory contents...

openSUSE Security Update : python-rpyc (openSUSE-2020-685)

This update for python-rpyc to 4.1.5 fixes the following issues : Security issue fixed : - CVE-2019-16328: Fixed a missing protocol security check that could have led to code execution boo1152987. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extract...

A VPN connection through a third-party VPN server disconnects after an hour on a Windows-based computer

A VPN connection through a third-party VPN server disconnects after an hour on a Windows-based computer Symptoms On a computer that is running Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, or Windows Server 2012, you establish a Layer 2 Tunneling Protocol/Internet...

UBUNTU-CVE-2020-11501

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 2018-07-16 because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...

The vulnerability of the implementation of the IPSec protocol set in the Cisco IOS XR operating system allows a attacker to trigger a service failure.

The vulnerability of the implementation of the IPSec protocol set in the Cisco IOS XR operating system is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...