Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pluto vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-32973
Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. In affected versions an attacker with the ability to actively intercept network traffic would be able to use a specifically-crafted certificate to fool Pluto into trusting it to be the intended remote for...
6.5
CVSSv3
CVE-2023-38710
An issue exists in Libreswan prior to 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies o...
Libreswan Libreswan
6.5
CVSSv3
CVE-2023-38711
An issue exists in Libreswan prior to 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4....
Libreswan Libreswan
6.5
CVSSv3
CVE-2023-38712
An issue exists in Libreswan 3.x and 4.x prior to 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the del...
Libreswan Libreswan
7.5
CVSSv3
CVE-2023-30570
pluto in Libreswan prior to 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.
Libreswan Libreswan
1 Github repository
7.5
CVSSv3
CVE-2023-2295
A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the ...
Libreswan Libreswan 4.9-1.el8
Libreswan Libreswan 4.9-1.el9
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Redhat Enterprise Linux Server Tus 8.8
Redhat Enterprise Linux Server Aus 8.8
Redhat Enterprise Linux Eus 8.8
Redhat Enterprise Linux Server Aus 9.2
Redhat Enterprise Linux Eus 9.2
7.5
CVSSv3
CVE-2022-23094
Libreswan 4.2 up to and including 4.5 allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.
Libreswan Libreswan
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2021-36737
The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact
Apache Pluto
6.1
CVSSv3
CVE-2021-36738
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact
Apache Pluto
6.1
CVSSv3
CVE-2021-36739
The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks.
Apache Pluto 3.1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »