CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-32275
https://notcve.org/view.php?id=CVE-2023-32275
An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability. Existe una vulnerabilidad de divulgación de información en la funcionalidad CtEnumCa() de SoftEther VPN 4.41-9782-beta y 5.01.9674. Los paquetes de red especialmente manipulados pueden dar lugar a la divulgación de información confidencial. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1753 https://www.softether.org/9-about/News/904-SEVPN202301 • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-27516
https://notcve.org/view.php?id=CVE-2023-27516
An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability. Existe una vulnerabilidad de omisión de autenticación en la funcionalidad CiRpcAccepted() de SoftEther VPN 4.41-9782-beta y 5.01.9674. Un paquete de red especialmente manipulado puede provocar un acceso no autorizado. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1754 https://www.softether.org/9-about/News/904-SEVPN202301 • CWE-453: Insecure Default Variable Initialization CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-32634
https://notcve.org/view.php?id=CVE-2023-32634
An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability. Existe una vulnerabilidad de omisión de autenticación en la funcionalidad CiRpcServerThread() de SoftEther VPN 5.01.9674 y 4.41-9782-beta. Un atacante puede realizar un ataque de intermediario local para desencadenar esta vulnerabilidad. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1755 https://www.softether.org/9-about/News/904-SEVPN202301 • CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31192
https://notcve.org/view.php?id=CVE-2023-31192
An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. Existe una vulnerabilidad de divulgación de información en la funcionalidad ClientConnect() de SoftEther VPN 5.01.9674. Un paquete de red especialmente manipulado puede dar lugar a la divulgación de información confidencial. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1768 https://www.softether.org/9-about/News/904-SEVPN202301 • CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-4104
https://notcve.org/view.php?id=CVE-2023-4104
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN client for Linux < v2.16.1. Una verificación de Autenticación No Válida de Polkit y requisitos de autenticación faltantes para los métodos D-Bus permitieron a cualquier usuario local configurar configuraciones VPN arbitrarias. *Este error sólo afecta a Mozilla VPN en Linux. Otros sistemas operativos no se ven afectados.* Esta vulnerabilidad afecta al cliente VPN de Mozilla para Linux < v2.16.1. • https://bugzilla.mozilla.org/show_bug.cgi?id=1831318 https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7055 https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7110 https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7151 https://www.mozilla.org/security/advisories/mfsa2023-39 https://www.openwall.com/lists/oss-security/2023/08/03/1 • CWE-862: Missing Authorization •