Vulnerabilities > Xelerance > Openswan > 2.6.26

DATE | CVE | VULNERABILITY TITLE | RISK
2018-09-26 | CVE-2018-15836 | Improper Verification of Cryptographic Signature vulnerability in Xelerance Openswan | 5.0 (network, low complexity; xelerance; CWE-347)
In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of the padding string during PKCS#1 v1.5 signature verification.

2014-01-26 | CVE-2013-6466 | Remote Denial Of Service vulnerability in Openswan IKEv2 payloads | 5.0 (network, low complexity; xelerance)
Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.

2011-11-17 | CVE-2011-4073 | Resource Management Errors vulnerability in Xelerance Openswan | 4.0 (network, low complexity; xelerance; CWE-399)
Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.

2010-10-05 | CVE-2010-3753 | OS Command Injection vulnerability in Xelerance Openswan 2.6.26/2.6.27/2.6.28 | 6.5 (network, low complexity; xelerance; CWE-78)
programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308.

2010-10-05 | CVE-2010-3752 | OS Command Injection vulnerability in Xelerance Openswan | 6.5 (network, low complexity; xelerance; CWE-78)
programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302.