Vulnerabilities > Xelerance
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-12 | CVE-2019-10155 | Improper Input Validation vulnerability in multiple products The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. | 3.5 |
| 2018-09-26 | CVE-2018-15836 | Improper Verification of Cryptographic Signature vulnerability in Xelerance Openswan In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. | 5.0 |
| 2014-11-26 | CVE-2014-2037 | Improper Input Validation vulnerability in Xelerance Openswan 2.6.40 Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. | 5.0 |
| 2014-01-26 | CVE-2013-6466 | Remote Denial Of Service vulnerability in Openswan IKEv2 payloads Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. | 5.0 |
| 2013-07-09 | CVE-2013-2053 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xelerance Openswan Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. | 6.8 |
| 2011-11-17 | CVE-2011-4073 | Resource Management Errors vulnerability in Xelerance Openswan Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions. | 4.0 |
| 2011-11-17 | CVE-2011-3380 | Unspecified vulnerability in Xelerance Openswan Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function. | 5.0 |
| 2010-10-05 | CVE-2010-3753 | OS Command Injection vulnerability in Xelerance Openswan 2.6.26/2.6.27/2.6.28 programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308. | 6.5 |
| 2010-10-05 | CVE-2010-3752 | OS Command Injection vulnerability in Xelerance Openswan programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302. | 6.5 |
| 2010-10-05 | CVE-2010-3308 | Code Injection vulnerability in Xelerance Openswan 2.6.26/2.6.27/2.6.28 Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via a long cisco_banner (aka server_banner) field. | 6.5 |