CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-32275
https://notcve.org/view.php?id=CVE-2023-32275
An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability. Existe una vulnerabilidad de divulgación de información en la funcionalidad CtEnumCa() de SoftEther VPN 4.41-9782-beta y 5.01.9674. Los paquetes de red especialmente manipulados pueden dar lugar a la divulgación de información confidencial. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1753 https://www.softether.org/9-about/News/904-SEVPN202301 • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-27516
https://notcve.org/view.php?id=CVE-2023-27516
An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability. Existe una vulnerabilidad de omisión de autenticación en la funcionalidad CiRpcAccepted() de SoftEther VPN 4.41-9782-beta y 5.01.9674. Un paquete de red especialmente manipulado puede provocar un acceso no autorizado. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1754 https://www.softether.org/9-about/News/904-SEVPN202301 • CWE-453: Insecure Default Variable Initialization CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-32634
https://notcve.org/view.php?id=CVE-2023-32634
An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability. Existe una vulnerabilidad de omisión de autenticación en la funcionalidad CiRpcServerThread() de SoftEther VPN 5.01.9674 y 4.41-9782-beta. Un atacante puede realizar un ataque de intermediario local para desencadenar esta vulnerabilidad. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1755 https://www.softether.org/9-about/News/904-SEVPN202301 • CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31192
https://notcve.org/view.php?id=CVE-2023-31192
An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. Existe una vulnerabilidad de divulgación de información en la funcionalidad ClientConnect() de SoftEther VPN 5.01.9674. Un paquete de red especialmente manipulado puede dar lugar a la divulgación de información confidencial. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1768 https://www.softether.org/9-about/News/904-SEVPN202301 • CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11868
https://notcve.org/view.php?id=CVE-2019-11868
See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or older, allows a user to call an IOCTL specifying any kernel address to which arbitrary bytes are written to. See.sys hasta versión 4.25 en el Servidor VPN SoftEther versiones 4.29 o anteriores permite a un usuario llamar a un IOCTL especificando cualquier dirección del kernel en la que se escriben bytes arbitrarios. • https://downwithup.github.io/CVEPosts https://github.com/SoftEtherVPN/SoftEtherVPN/tree/master/src/See https://www.softether.org/9-about/News/900-SEVPN201901 • CWE-787: Out-of-bounds Write •