12 matches found

Github Security Blog
added 2026/05/11 3:18 p.m., 14 views

Ella Core Vulnerable to UE Downlink Redirection via Forged PDUSessionResourceSetupResponse

Summary: A radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE's logical NG-connection, then creates a GTP tunnel towards that radio. Impact: Downlink...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00166
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2026/02/02 12:00 a.m., 3 views

Open5GS Security Vulnerability

Open5GS is an open-source implementation of 5G Core and EPC in the C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.6 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect operations on the function...

CVSS: 6.9 | AI score: 6 | EPSS: 0.00609
Exploits: 1 | References: 7
Snyk
added 2026/01/14 3:49 p.m., 5 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: outray is an OutRay CLI - Expose your local server to the internet. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition during registration. An attacker can bypass subscription limitations by rapidly initiating multiple tunnel creation...

CVSS: 6.3 | AI score: 6.7 | EPSS: 0.00179
Exploits: 1 | References: 2
OSV
added 2026/01/14 3:06 p.m., 2 views

CVE-2026-22820 Outray cli is vulnerable to race conditions in tunnels creation

Outray is an open-source ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5...

CVSS: 6.3 | AI score: 6.6 | EPSS: 0.00179
Exploits: 1 | References: 4
Cvelist
added 2026/01/14 3:06 p.m., 27 views

CVE-2026-22820 Outray cli is vulnerable to race conditions in tunnels creation

Outray is an open-source ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5...

CVSS: 6.3 | EPSS: 0.00179
Exploits: 1 | References: 2
Github Security Blog
added 2026/01/13 9:53 p.m., 11 views

Outray cli is vulnerable to race conditions in tunnels creation

Summary: A TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. Details: Affected component: apps/web/src/routes/api/tunnel/register.ts - /tunnel/register endpoint. Code (ts): // Check if tunnel already exists in database const...

CVSS: 6.3 | AI score: 6.9 | EPSS: 0.00179
Exploits: 1 | References: 5 | Affected Software: 1
BDU FSTEC
added 2025/06/04 12:00 a.m., 3 views

Vulnerabilities in the l2tp_xmit_core(), l2tp_tunnel_create(), and l2tp_tunnel_register() functions of the Linux operating system’s kernel, allowing attackers to cause service interruptions.

The vulnerabilities of the l2tp_xmit_core(), l2tp_tunnel_create(), and l2tp_tunnel_register() functions in the Linux kernel are related to improper resource locking. Exploiting these vulnerabilities can allow an attacker to cause service failures...

CVSS: 5.5 | AI score: 6.3 | EPSS: 0.00121
Exploits: 0 | References: 10 | Affected Software: 5
NVD
added 2024/09/10 3:15 p.m., 45 views

CVE-2024-31489

An improper certificate validation vulnerability (CWE-295) in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a...

CVSS: 8.1 | EPSS: 0.00365
Exploits: 0 | References: 1
Vulnrichment
added 2024/09/10 2:37 p.m., 43 views

CVE-2024-31489

An improper certificate validation vulnerability (CWE-295) in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a...

CVSS: 6.8 | AI score: 7.3 | EPSS: 0.00365
Exploits: 0 | References: 1
Tenable Nessus
added 2024/09/10 12:00 a.m., 16 views

Fortinet FortiClient - Lack of client-side certificate validation in ZTNA service (FG-IR-22-282)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-282 advisory. - An improper certificate validation vulnerability (CWE-295) in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11...

CVSS: 8.1 | AI score: 5.9 | EPSS: 0.00365
Exploits: 0 | References: 2
RedHat Linux
added 2019/08/06 12:47 p.m., 3 views

kernel: l2tp: Race condition between pppol2tp_session_create() and l2tp_eth_create()

A race condition between pppol2tp_session_create() and l2tp_eth_create() in net/l2tp/l2tp_netlink.c was found in the Linux kernel. Calling l2tp_tunnel_find() may result in a new tunnel being created with tunnel id of a previously removed tunnel which wouldn't be protected by the reference counter...

CVSS: 7.2 | AI score: 6.8 | EPSS: 0.00424
Exploits: 0 | References: 4
NVD
added 2014/10/10 10:55 a.m., 12 views

CVE-2014-3384

The IKEv2 implementation in Cisco ASA Software 8.4 before 8.47.15, 8.6 before 8.61.14, 9.0 before 9.04.8, and 9.1 before 9.15.1 allows remote attackers to cause a denial of service (device reload) via a crafted packet that is sent during tunnel creation, aka Bug ID CSCum96401...

CVSS: 7.8 | AI score: 6.4 | EPSS: 0.01614
Exploits: 0 | References: 1