HCE3-SA-2025-0158 Critical HCE 3.0 Security Fix(es): strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker_x27;s control) that doesn_x27;t properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. (CVE-2022-40617) A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. (CVE-2021-40990) A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. (CVE-2021-40991) In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. (CVE-2021-45079) HCE 3.0 strongswan-5.9.10-5.hce3.x86_64.rpm strongswan-charon-nm-5.9.10-5.hce3.x86_64.rpm strongswan-libipsec-5.9.10-5.hce3.x86_64.rpm strongswan-sqlite-5.9.10-5.hce3.x86_64.rpm strongswan-tnc-imcvs-5.9.10-5.hce3.x86_64.rpm strongswan-5.9.10-5.hce3.aarch64.rpm strongswan-charon-nm-5.9.10-5.hce3.aarch64.rpm strongswan-libipsec-5.9.10-5.hce3.aarch64.rpm strongswan-sqlite-5.9.10-5.hce3.aarch64.rpm strongswan-tnc-imcvs-5.9.10-5.hce3.aarch64.rpm