Vulnerabilities > Softether

DATE CVE VULNERABILITY TITLE RISK
2023-10-12 CVE-2023-22308 Integer Underflow (Wrap or Wraparound) vulnerability in Softether VPN 5.01.9674/5.02
An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02.
network
low complexity
softether CWE-191
7.5
2023-10-12 CVE-2023-22325 Infinite Loop vulnerability in Softether VPN 4.419782/5.01.9674/5.02
A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02.
network
high complexity
softether CWE-835
5.9
2023-10-12 CVE-2023-23581 Out-of-bounds Read vulnerability in Softether VPN 5.01.9674/5.02
A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02.
network
low complexity
softether CWE-125
7.5
2023-10-12 CVE-2023-25774 Unspecified vulnerability in Softether VPN 5.02
A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5.02.
network
low complexity
softether
7.5
2023-10-12 CVE-2023-27395 Out-of-bounds Write vulnerability in Softether VPN 4.419782/5.01.9674/5.02
A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02.
network
high complexity
softether CWE-787
8.1
2023-10-12 CVE-2023-27516 Insecure Default Initialization of Resource vulnerability in Softether VPN 4.419782/5.01.9674
An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674.
local
low complexity
softether CWE-1188
7.8
2023-10-12 CVE-2023-31192 Use of Uninitialized Resource vulnerability in Softether VPN 5.01.9674
An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674.
network
high complexity
softether CWE-908
5.3
2023-10-12 CVE-2023-32275 Exposure of Resource to Wrong Sphere vulnerability in Softether VPN 4.419782/5.01.9674
An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674.
local
low complexity
softether CWE-668
4.4
2023-10-12 CVE-2023-32634 Unspecified vulnerability in Softether VPN 4.419782/5.01.9674
An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta.
local
high complexity
softether
7.4
2019-07-29 CVE-2019-11868 Out-of-bounds Write vulnerability in Softether See.Sys 4.25
See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or older, allows a user to call an IOCTL specifying any kernel address to which arbitrary bytes are written to.
local
low complexity
softether CWE-787
7.8