EUVD-2009-1155
Malware in sbrugna...
EUVD-2024-18052
Malicious code in bioql PyPI...
Synology DiskStation Manager Exposure of Sensitive Information to an Unauthorized Actor (CVE-2014-2264)
The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for...
CVE-2024-20337
A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...
CRLF injection
A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...
CVE-2024-20337
A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...
PT-2024-2007 · Cisco · Cisco Secure Client
Name of the Vulnerable Software and Affected Versions: Cisco Secure Client, affected versions not specified. Description: A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection...
See List and kill current AAA VPN Session on the CLI
See and Kill current AAA Sessions...
Palo Alto GlobalProtect Agent <= 4.1.0 Information Disclosure (Windows)
The version of Palo Alto GlobalProtect Agent installed on the remote Windows host is prior to 4.1.1. It is, therefore, affected by an information disclosure vulnerability. Successful exploitation of this issue would allow a local authenticated attacker to access authentication and/or session toke...
FreeBSD : openvpn -- illegal client float can break VPN session for other users (8604121c-7fc2-11ea-bcac-7781e90b0c8f)
Lev Stipakov and Gert Doering report: There is a time frame between allocating peer-id and initializing data channel key which is performed on receiving push request or on async push-reply in which the existing peer-id float checks do not work right. If a 'rogue' data channel packet arrives duri...
openvpn -- illegal client float can break VPN session for other users
Lev Stipakov and Gert Doering report: There is a time frame between allocating peer-id and initializing data channel key which is performed on receiving push request or on async push-reply in which the existing peer-id float checks do not work right. If a "rogue" data channel packet arrives durin...
CVE-2019-1714
A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated,...
Authentication flaw
GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN...
Information Disclosure in GlobalProtect App
An information disclosure vulnerability exists in the GlobalProtect App for Windows and macOS VU192371. Successful exploitation of this issue would allow a local authenticated attacker to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the...
PT-2019-2081 · Palo Alto Networks · GlobalProtect Agent
Name of the Vulnerable Software and Affected Versions: GlobalProtect Agent version 4.1.0 for Windows; GlobalProtect Agent versions 4.1.10 and earlier for macOS. Description: The issue is related to weaknesses in the authentication procedure of the GlobalProtect Agent, which may allow a local...
CVE-2012-5017
Cisco IOS before 15.11SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub39268...
Design/Logic Flaw
Cisco IOS before 15.11SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub39268...
Hardcoded credentials
The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session...