Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pluto vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-30570
pluto in Libreswan prior to 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.
Libreswan Libreswan
1 Github repository
NA
CVE-2011-4073
Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 up to and including 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_ou...
Xelerance Openswan 2.4.2
Xelerance Openswan 2.4.10
Xelerance Openswan 2.4.4
Xelerance Openswan 2.5.0
Xelerance Openswan 2.5.12
Xelerance Openswan 2.5.13
Xelerance Openswan 2.5.14
Xelerance Openswan 2.5.15
Xelerance Openswan 2.6.09
Xelerance Openswan 2.6.10
Xelerance Openswan 2.6.11
Xelerance Openswan 2.6.12
Xelerance Openswan 2.6.27
Xelerance Openswan 2.6.30
Xelerance Openswan 2.6.26
Xelerance Openswan 2.6.25
Xelerance Openswan 2.4.5
Xelerance Openswan 2.4.3
Xelerance Openswan 2.4.6
Xelerance Openswan 2.4.7
Xelerance Openswan 2.5.04
Xelerance Openswan 2.5.05
7.5
CVSSv3
CVE-2016-5391
libreswan prior to 3.18 allows remote malicious users to cause a denial of service (NULL pointer dereference and pluto daemon restart).
Libreswan Libreswan
Fedoraproject Fedora 24
Fedoraproject Fedora 23
NA
CVE-2024-32973
Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. In affected versions an attacker with the ability to actively intercept network traffic would be able to use a specifically-crafted certificate to fool Pluto into trusting it to be the intended remote for...
NA
CVE-2010-3753
programs/pluto/xauth.c in the client in Openswan 2.6.26 up to and including 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308.
Xelerance Openswan 2.6.27
Xelerance Openswan 2.6.28
Xelerance Openswan 2.6.26
NA
CVE-2010-3308
Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.26 up to and including 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via a long cisco_banner (aka server_banner) field.
Xelerance Openswan 2.6.26
Xelerance Openswan 2.6.27
Xelerance Openswan 2.6.28
NA
CVE-2010-3752
programs/pluto/xauth.c in the client in Openswan 2.6.25 up to and including 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-...
Xelerance Openswan 2.6.25
Xelerance Openswan 2.6.26
Xelerance Openswan 2.6.27
Xelerance Openswan 2.6.28
NA
CVE-2005-0162
Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x prior to 1.0.9, and Openswan 2.x prior to 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated malicious users to execute arbitrary code.
Xelerance Openswan 2.3.0
Openswan Openswan
NA
CVE-2010-3302
Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25 up to and including 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via long (1) cisco_dns_info or (2) cisco_domain_info data in a packet.
Xelerance Openswan 2.6.25
Xelerance Openswan 2.6.26
Xelerance Openswan 2.6.27
Xelerance Openswan 2.6.28
NA
CVE-2009-2185
The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 prior to 2.8.10, 4.2 prior to 4.2.16, and 4.3 prior to 4.3.2; and (b) openSwan 2.6 prior to 2.6.22 and 2.4 prior to 2.4.15 allows remote malicious users to cause a d...
Strongswan Strongswan 2.8.6
Strongswan Strongswan 2.8.5
Strongswan Strongswan 4.2.6
Strongswan Strongswan 4.2.2
Strongswan Strongswan 4.2.13
Strongswan Strongswan 4.2.12
Strongswan Strongswan 2.8.9
Strongswan Strongswan 4.2.15
Xelerance Openswan 2.6.18
Xelerance Openswan 2.6.13
Xelerance Openswan 2.6.06
Xelerance Openswan 2.6.07
Xelerance Openswan 2.4.9
Xelerance Openswan 2.4.1
Strongswan Strongswan 2.8.2
Strongswan Strongswan 2.8.1
Strongswan Strongswan 4.2.5
Strongswan Strongswan 4.2.9
Strongswan Strongswan 4.2.10
Strongswan Strongswan 4.2.1
Xelerance Openswan 2.6.16
Xelerance Openswan 2.6.20
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »