Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pluto vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2010-3302
Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25 up to and including 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via long (1) cisco_dns_info or (2) cisco_domain_info data in a packet.
Xelerance Openswan 2.6.25
Xelerance Openswan 2.6.26
Xelerance Openswan 2.6.27
Xelerance Openswan 2.6.28
445
VMScore
CVE-2009-2661
The asn1_length function in strongSwan 2.8 prior to 2.8.11, 4.2 prior to 4.2.17, and 4.3 prior to 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote malicious users to cause a denial of service (pluto IKE daemon...
Strongswan Strongswan 2.8.5
Strongswan Strongswan 2.8.6
Strongswan Strongswan 4.2.12
Strongswan Strongswan 4.2.0
Strongswan Strongswan 2.8.10
Strongswan Strongswan 4.2.16
Strongswan Strongswan 2.8.3
Strongswan Strongswan 2.8.4
Strongswan Strongswan 4.2.13
Strongswan Strongswan 4.2.14
Strongswan Strongswan 4.3.1
Strongswan Strongswan 4.3.2
Strongswan Strongswan 2.8.1
Strongswan Strongswan 2.8.2
Strongswan Strongswan 4.2.3
Strongswan Strongswan 4.2.15
Strongswan Strongswan 4.2.10
Strongswan Strongswan 4.3.0
Strongswan Strongswan 2.8.0
Strongswan Strongswan 2.8.7
Strongswan Strongswan 2.8.8
Strongswan Strongswan 4.2.2
445
VMScore
CVE-2009-2185
The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 prior to 2.8.10, 4.2 prior to 4.2.16, and 4.3 prior to 4.3.2; and (b) openSwan 2.6 prior to 2.6.22 and 2.4 prior to 2.4.15 allows remote malicious users to cause a d...
Strongswan Strongswan 2.8.6
Strongswan Strongswan 2.8.5
Strongswan Strongswan 4.2.6
Strongswan Strongswan 4.2.2
Strongswan Strongswan 4.2.13
Strongswan Strongswan 4.2.12
Strongswan Strongswan 2.8.9
Strongswan Strongswan 4.2.15
Xelerance Openswan 2.6.18
Xelerance Openswan 2.6.13
Xelerance Openswan 2.6.06
Xelerance Openswan 2.6.07
Xelerance Openswan 2.4.9
Xelerance Openswan 2.4.1
Strongswan Strongswan 2.8.2
Strongswan Strongswan 2.8.1
Strongswan Strongswan 4.2.5
Strongswan Strongswan 4.2.9
Strongswan Strongswan 4.2.10
Strongswan Strongswan 4.2.1
Xelerance Openswan 2.6.16
Xelerance Openswan 2.6.20
445
VMScore
CVE-2009-1957
charon/sa/ike_sa.c in the charon daemon in strongSWAN prior to 4.3.1 allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers "an incomplete state," followed by a CREATE_CHILD_SA req...
Strongswan Strongswan 2.1.3
Strongswan Strongswan 2.1.4
Strongswan Strongswan 2.4.0
Strongswan Strongswan 2.4.0a
Strongswan Strongswan 2.5.2
Strongswan Strongswan 2.5.3
Strongswan Strongswan 2.6.16
Strongswan Strongswan 2.6.2
Strongswan Strongswan 2.8.3
Strongswan Strongswan 2.8.4
Strongswan Strongswan 4.0.2
Strongswan Strongswan 4.0.3
Strongswan Strongswan 4.1.10
Strongswan Strongswan 4.1.11
Strongswan Strongswan 4.1.2
Strongswan Strongswan 4.1.9
Strongswan Strongswan 4.2.0
Strongswan Strongswan 2.0.0
Strongswan Strongswan 2.0.1
Strongswan Strongswan 2.1.5
Strongswan Strongswan 2.2.0
Strongswan Strongswan 2.4.1
445
VMScore
CVE-2009-1958
charon/sa/tasks/child_create.c in the charon daemon in strongSWAN prior to 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote malicious users to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector.
Strongswan Strongswan 4.0.3
Strongswan Strongswan 4.1.10
Strongswan Strongswan 4.1.6
Strongswan Strongswan 4.1.7
Strongswan Strongswan 4.2.4
Strongswan Strongswan 4.2.5
Strongswan Strongswan
Strongswan Strongswan 2.4.0a
Strongswan Strongswan 2.1.4
Strongswan Strongswan 2.1.3
Strongswan Strongswan 2.3.1
Strongswan Strongswan 2.4.2
Strongswan Strongswan 2.4.3
Strongswan Strongswan 2.5.2
Strongswan Strongswan 4.1.0
Strongswan Strongswan 4.1.2
Strongswan Strongswan 4.1.5
Strongswan Strongswan 4.1.4
Strongswan Strongswan 4.2.10
Strongswan Strongswan 4.2.2
Strongswan Strongswan 4.2.3
Strongswan Strongswan 4.2.12
445
VMScore
CVE-2009-0790
The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 prior to 2.6.21 and 2.4 prior to 2.4.14, and Strongswan 4.2 prior to 4.2.14 and 2.8 prior to 2.8.9, allows remote malicious users to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R...
Strongswan Strongswan 4.2.0
Strongswan Strongswan 4.2.1
Strongswan Strongswan 4.2.12
Strongswan Strongswan 4.2.11
Strongswan Strongswan 2.8.2
Strongswan Strongswan 2.8.3
Strongswan Strongswan 2.4.1
Strongswan Strongswan 2.4.0a
Xelerance Openswan 2.6.07
Xelerance Openswan 2.6.08
Xelerance Openswan 2.6.16
Xelerance Openswan 2.4.0
Xelerance Openswan 2.4.3
Xelerance Openswan 2.4.5
Strongswan Strongswan 2.6.1
Strongswan Strongswan 2.6.2
Strongswan Strongswan 4.2.4
Strongswan Strongswan 4.2.5
Strongswan Strongswan 4.2.7
Strongswan Strongswan 2.8.8
Strongswan Strongswan 2.8.6
Strongswan Strongswan 2.8.7
445
VMScore
CVE-2008-4190
The IPSEC livetest tool in Openswan 2.4.12 and previous versions, and 2.6.x up to and including 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: i...
Openswan Openswan 1.0.9
Openswan Openswan 2.1.1
Xelerance Openswan 2.4.0
Xelerance Openswan 2.4.2
Xelerance Openswan 2.3.1
Xelerance Openswan 2.6.04
Xelerance Openswan 2.6.05
Xelerance Openswan 2.6.12
Xelerance Openswan 2.6.13
Openswan Openswan 2.2
Openswan Openswan 2.3
Openswan Openswan 1.0.4
Xelerance Openswan 2.6.03
Xelerance Openswan 2.6.10
Xelerance Openswan 2.6.11
Openswan Openswan 2.1.5
Openswan Openswan 2.1.6
Openswan Openswan 1.0.6
Openswan Openswan 1.0.5
Xelerance Openswan 2.6.08
Xelerance Openswan 2.6.09
Xelerance Openswan 2.6.16
1 EDB exploit
641
VMScore
CVE-2005-0162
Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x prior to 1.0.9, and Openswan 2.x prior to 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated malicious users to execute arbitrary code.
Xelerance Openswan 2.3.0
Openswan Openswan
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4