17 results (0.007 seconds)

CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 1

A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de búfer en la funcionalidad vpnserver WpcParsePacket() de SoftEther VPN 4.41-9782-beta, 5.01.9674 y 5.02. Un paquete de red especialmente manipulado puede provocar la ejecución de código arbitrario. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1735 https://www.softether.org/9-about/News/904-SEVPN202301 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 1

A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. Existe una vulnerabilidad de denegación de servicio en la funcionalidad DCRegister DDNS_RPC_MAX_RECV_SIZE de SoftEther VPN 4.41-9782-beta, 5.01.9674 y 5.02. Un paquete de red especialmente manipulado puede provocar una Denegación de Servicio (DoS). • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1736 https://www.softether.org/9-about/News/904-SEVPN202301 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de enteros en la funcionalidad vpnserver OvsProcessData de SoftEther VPN 5.01.9674 y 5.02. Un paquete de red especialmente manipulado puede provocar una Denegación de Servicio (DoS). • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1737 • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. Existe una vulnerabilidad de denegación de servicio en la funcionalidad vpnserver EnSafeHttpHeaderValueStr de SoftEther VPN 5.01.9674 y 5.02. Un paquete de red especialmente manipulado puede provocar una Denegación de Servicio (DoS). • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1741 • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability. Existe una vulnerabilidad de Denegación de Servicio (DoS) en la funcionalidad vpnserver ConnectionAccept() de SoftEther VPN 5.02. Un conjunto de conexiones de red especialmente manipuladas puede provocar una Denegación de Servicio (DoS). • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1743 • CWE-400: Uncontrolled Resource Consumption •