Page 3 of 13 results (0.004 seconds)

CVSS: 2.6EPSS: 0%CPEs: 39EXPL: 0

CVE-2015-4171

https://notcve.org/view.php?id=CVE-2015-4171

strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses. strongSwan 4.3.0 hasta 5.x anterior a 5.3.2 y strongSwan VPN Client anterior a 1.4.6, cuando utiliza claves EAP o precompartidas para la autenticación de una conexión IKEv2, no refuerza las restricciones de autenticación de servidores hasta que el proceso de autenticación entero se haya completado, lo que permite a servidores remotos obtener credenciales mediante el uso de un certificado válido y posteriormente la lectura de las respuestas. • http://lists.opensuse.org/opensuse-updates/2015-06/msg00040.html http://www.debian.org/security/2015/dsa-3282 http://www.openwall.com/lists/oss-security/2015/05/29/6 http://www.openwall.com/lists/oss-security/2015/05/29/7 http://www.openwall.com/lists/oss-security/2015/06/08/4 http://www.securityfocus.com/bid/74933 http://www.securitytracker.com/id/1032514 http://www.ubuntu.com/usn/USN-2628-1 https://bugzilla.suse.com/show_bug.cgi?id=933591 https: • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 5%CPEs: 25EXPL: 0

CVE-2014-9221

https://notcve.org/view.php?id=CVE-2014-9221

strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025. strongSwan 4.5.x hasta 5.2.x anterior a 5.2.1 permite a atacantes remotos causar una denegación de servicio (referencia a puntero inválido) a través de un mensaje IKEv2 Key Exchange (KE) manipulado con el grupo Diffie-Hellman (DH) 1025. • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153825.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00054.html http://secunia.com/advisories/62071 http://secunia.com/advisories/62083 http://secunia.com/advisories/62095 http://secunia.com/advisories/62663 http://strongswan.org/blog/2015/01/05/strongswan-5.2.2-released.html http://strongswan.org/blog/2015/01/05/strongswan-denial-of-service-vulnerability-%28cve-2014-9221%29.html http://www.debian.or • CWE-19: Data Processing Errors •

CVSS: 5.0EPSS: 4%CPEs: 8EXPL: 0

CVE-2014-2891

https://notcve.org/view.php?id=CVE-2014-2891

strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload. strongSwan en versiones anteriores a 5.1.2 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero null y una caída del demonio IKE) a través de un payload IDER_ASN1_DN ID manipulado. • http://lists.opensuse.org/opensuse-updates/2014-05/msg00064.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00066.html http://secunia.com/advisories/59864 http://www.debian.org/security/2014/dsa-2922 http://www.securityfocus.com/bid/67212 http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-%28cve-2014-2891%29.html •