Lucene search
K

146 matches found

CNNVD
CNNVD
added 2023/10/12 12:0 a.m.4 views

SoftEther VPN Security Vulnerability

SoftEther VPN is an open source, cross-platform, multi-protocol VPN Virtual Private Network application. A security vulnerability exists in SoftEther VPN versions 4.41-9782-beta and 5.01.9674, which stems from an authentication bypass vulnerability in the CiRpcAccepted function, which can be...

7.8CVSS6.7AI score0.0053EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/10/12 12:0 a.m.5 views

SoftEther VPN Information Disclosure Vulnerability

SoftEther VPN is an open source, cross-platform, multi-protocol VPN Virtual Private Network application. An information disclosure vulnerability exists in SoftEther VPN versions 4.41-9782-beta and 5.01.9674, which stems from an information disclosure vulnerability in the CtEnumCa function, which...

5.5CVSS6.2AI score0.00392EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/10/12 12:0 a.m.4 views

PT-2023-23695 · Unknown · Softether Vpn

Name of the Vulnerable Software and Affected Versions: SoftEther VPN versions 4.41-9782-beta through 5.01.9674 Description: An information disclosure issue exists in the CtEnumCa functionality. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can se...

5.5CVSS5.3AI score0.00392EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/10/12 12:0 a.m.2 views

PT-2023-23924 · Unknown · Softether Vpn

Name of the Vulnerable Software and Affected Versions: SoftEther VPN versions 4.41-9782-beta through 5.01.9674 Description: An authentication bypass issue exists in the CiRpcServerThread functionality. This allows an attacker to perform a local man-in-the-middle attack to trigger the issue...

7.8CVSS7.6AI score0.00426EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/10/12 12:0 a.m.7 views

SoftEther VPN Buffer Error Vulnerability

SoftEther VPN is an open source, cross-platform, multi-protocol VPN Virtual Private Network application. A security vulnerability exists in SoftEther VPN versions 4.41-9782-beta, 5.01.9674, and 5.02, which stems from a denial-of-service vulnerability in the WpcParsePacket function, which can be...

9CVSS6.7AI score0.01543EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/10/12 12:0 a.m.3 views

PT-2023-23218

Name of the Vulnerable Software and Affected Versions SoftEther VPN version 5.01.9674 Description An information disclosure issue exists in the ClientConnect functionality. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a...

5.3CVSS5.9AI score0.00976EPSS
Exploits1References7
CNNVD
CNNVD
added 2023/10/12 12:0 a.m.4 views

SoftEther VPN Security Vulnerability

SoftEther VPN is an open source, cross-platform, multi-protocol VPN Virtual Private Network application. A security vulnerability exists in SoftEther VPN versions 5.01.9674 and 5.02, which stems from a denial-of-service vulnerability in the DCRegister DDNSRPCMAXRECVSIZE function, which can be...

5.9CVSS6.7AI score0.00957EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/10/12 12:0 a.m.6 views

SoftEther VPN Information Disclosure Vulnerability

SoftEther VPN is an open source cross-platform multi-protocol VPN Virtual Private Network application. An information disclosure vulnerability exists in SoftEther VPN version 5.01.9674, which originates from an information disclosure vulnerability in the ClientConnect function, which can be...

5.3CVSS6.2AI score0.00976EPSS
Exploits1References3
Talos
Talos
added 2023/10/12 12:0 a.m.28 views

SoftEther VPN CiRpcServerThread() MitM authentication bypass vulnerability

Talos Vulnerability Report TALOS-2023-1755 SoftEther VPN CiRpcServerThread MitM authentication bypass vulnerability October 12, 2023 CVE Number CVE-2023-32634 SUMMARY An authentication bypass vulnerability exists in the CiRpcServerThread functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta...

7.8CVSS7.7AI score0.00426EPSS
Exploits1
The Hacker News
The Hacker News
added 2023/10/05 10:39 a.m.39 views

Guyana Governmental Entity Hit by DinodasRAT in Cyber Espionage Attack

A governmental entity in Guyana has been targeted as part of a cyber espionage campaign dubbed Operation Jacana. The activity, which was detected by ESET in February 2023, entailed a spear-phishing attack that led to the deployment of a hitherto undocumented implant written in C++ called...

6.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/09/12 12:0 a.m.6 views

The vulnerability of the Dynamic DNS (DDNS) function of the SoftEther VPN client allows a hacker to execute arbitrary code.

The vulnerability of the Dynamic DNS DDNS function in the SoftEther VPN client client involves the possibility of buffer overflow attacks. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by performing a “man-in-the-middle” attack...

9CVSS8.2AI score0.01543EPSS
Exploits1References3
Microsoft Secure
Microsoft Secure
added 2023/08/24 4:30 p.m.16 views

Flax Typhoon using legitimate software to quietly access Taiwanese organizations

Summary Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations networks with...

8.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/07/03 6:7 a.m.5 views

Multiple vulnerabilities in SoftEther VPN and PacketiX VPN

Overview SoftEther VPN provided by University of Tsukuba SoftEther VPN Project and PacketiX VPN provided by SoftEther Corporation contain multiple vulnerabilities listed below in VPN Client function, and Dynamic DNS Client function included in the VPN server. Heap-based buffer overflow CWE-122 -...

9CVSS8AI score0.01543EPSS
Exploits6References17
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/07/03 12:0 a.m.68 views

JVN#64316789: Multiple vulnerabilities in SoftEther VPN and PacketiX VPN

SoftEther VPN provided by University of Tsukuba SoftEther VPN Project and PacketiX VPN provided by SoftEther Corporation contain multiple vulnerabilities listed below in VPN Client function, and Dynamic DNS Client function included in the VPN server. Heap-based buffer overflow CWE-122 -...

9CVSS7.5AI score0.01543EPSS
Exploits6
Positive Technologies
Positive Technologies
added 2023/06/30 12:0 a.m.1 views

PT-2023-8738 · Softether · Softether Vpn

Name of the Vulnerable Software and Affected Versions: SoftEther VPN versions 4.41-9782-beta through 5.02 Description: A denial of service issue exists in the DCRegister functionality of SoftEther VPN, related to the DDNS RPC MAX RECV SIZE. This can be triggered by a specially crafted network...

5.9CVSS6.1AI score0.00957EPSS
Exploits1References7
OSV
OSV
added 2022/08/14 12:0 a.m.3 views

OSV-2022-709 Heap-buffer-overflow in dissect_softether_host_fqdn

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50105 Crash type: Heap-buffer-overflow READ 10 Crash state: dissectsoftetherhostfqdn ndpisearchsoftether checkndpidetectionfunc...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/08/14 12:0 a.m.3 views

PT-2022-37182 · Git +1 · Ndpi

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 10 crash occurred, involving the functions dissect softether host fqdn, ndpi search softether, and check ndpi detection func...

7AI score
Exploits0References2
OSV
OSV
added 2022/08/10 12:0 a.m.8 views

OSV-2022-691 Heap-buffer-overflow in dissect_softether_host_fqdn

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49901 Crash type: Heap-buffer-overflow READ 1 Crash state: dissectsoftetherhostfqdn ndpisearchsoftether checkndpidetectionfunc...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/08/10 12:0 a.m.4 views

PT-2022-37172 · Git +1 · Ndpi

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read, which was identified through an OSS-Fuzz report. The crash involves several functions, including...

6.9AI score
Exploits0References2
OSV
OSV
added 2022/08/04 12:0 a.m.5 views

OSV-2022-670 Heap-buffer-overflow in dissect_softether_ip_port

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49736 Crash type: Heap-buffer-overflow READ 4 Crash state: dissectsoftetheripport ndpisearchsoftether checkndpidetectionfunc...

7.2AI score
Exploits0References1
Rows per page
Query Builder