Every CVE whose affected-product data names Xelerance Openswan, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2005-3671 — CVSS 7.8 (high): The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before…
CVE-2018-15836 — CVSS 7.5 (high): In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of…
CVE-2005-0162 — CVSS 7.2 (high): Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x…
CVE-2013-2053 — CVSS 6.8 (medium): Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used…
CVE-2010-3753 — CVSS 6.5 (medium): programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands…
CVE-2010-3302 — CVSS 6.5 (medium): Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 might allow remote authenticated gateways to…
CVE-2010-3308 — CVSS 6.5 (medium): Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 might allow remote authenticated gateways to…
CVE-2010-3752 — CVSS 6.5 (medium): programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands…
CVE-2009-2185 — CVSS 5.0 (medium): The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2…
CVE-2011-3380 — CVSS 5.0 (medium): Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash)…
CVE-2009-0790 — CVSS 5.0 (medium): The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8…
CVE-2013-6466 — CVSS 5.0 (medium): Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via…
CVE-2014-2037 — CVSS 5.0 (medium): Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets…
CVE-2008-4190 — CVSS 4.4 (medium): The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and…
CVE-2011-4073 — CVSS 4.0 (medium): Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated…
CVE-2019-10155 — CVSS 3.1 (low): The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity…