Vulnerabilities > Xelerance

DATE CVE VULNERABILITY TITLE RISK
2019-06-12 CVE-2019-10155 Improper Validation of Integrity Check Value vulnerability in multiple products
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified.
3.1
2018-09-26 CVE-2018-15836 Improper Verification of Cryptographic Signature vulnerability in Xelerance Openswan
In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification.
network
low complexity
xelerance CWE-347
5.0
2014-11-26 CVE-2014-2037 Improper Input Validation vulnerability in Xelerance Openswan 2.6.40
Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.
network
low complexity
xelerance CWE-20
5.0
2014-01-26 CVE-2013-6466 Remote Denial Of Service vulnerability in Openswan IKEv2 payloads
Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.
network
low complexity
xelerance
5.0
2011-11-17 CVE-2011-4073 Resource Management Errors vulnerability in Xelerance Openswan
Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.
network
low complexity
xelerance CWE-399
4.0
2011-11-17 CVE-2011-3380 Unspecified vulnerability in Xelerance Openswan
Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function.
network
low complexity
xelerance
5.0
2010-10-05 CVE-2010-3753 OS Command Injection vulnerability in Xelerance Openswan 2.6.26/2.6.27/2.6.28
programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308.
network
low complexity
xelerance CWE-78
6.5
2010-10-05 CVE-2010-3752 OS Command Injection vulnerability in Xelerance Openswan
programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302.
network
low complexity
xelerance CWE-78
6.5
2009-06-25 CVE-2009-2185 Improper Input Validation vulnerability in multiple products
The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.
network
low complexity
strongswan xelerance CWE-20
5.0
2009-04-01 CVE-2009-0790 Improper Input Validation vulnerability in multiple products
The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD.
network
low complexity
strongswan xelerance CWE-20
5.0