Vulnerabilities > Xelerance > Openswan > 2.6.32

DATE | CVE | VULNERABILITY TITLE | RISK

2018-09-26 | CVE-2018-15836 | Improper Verification of Cryptographic Signature vulnerability in Xelerance Openswan | network, low complexity, xelerance CWE-347, 5.0
In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification.

2014-01-26 | CVE-2013-6466 | Remote Denial Of Service vulnerability in Openswan IKEv2 payloads | network, low complexity, xelerance, 5.0
Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.

2011-11-17 | CVE-2011-4073 | Resource Management Errors vulnerability in Xelerance Openswan | network, low complexity, xelerance CWE-399, 4.0
Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.

2011-11-17 | CVE-2011-3380 | Unspecified vulnerability in Xelerance Openswan | network, low complexity, xelerance, 5.0
Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function.