Search CVE reports


11 – 20 of 53 results


CVE-2024-27903

Medium priority
Ignored

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.

1 affected package

openvpn

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openvpn Not affected Not affected Not affected Not affected

CVE-2024-27459

Medium priority
Ignored

The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.

1 affected package

openvpn

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openvpn Not affected Not affected Not affected Not affected

CVE-2024-24974

Medium priority
Ignored

The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.

1 affected package

openvpn

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openvpn Not affected Not affected Not affected Not affected

CVE-2024-28820

Medium priority
Needs evaluation

Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who can control...

1 affected package

openvpn-auth-ldap

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openvpn-auth-ldap Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation

CVE-2024-5594

Medium priority
Fixed

OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly, which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.

1 affected package

openvpn

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openvpn Fixed Fixed Fixed Fixed

CVE-2024-28882

Medium priority
Fixed

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients, which will extend the validity of a closing session.

1 affected package

openvpn

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openvpn Fixed Not affected Not affected Not affected

CVE-2024-3661

High priority
Ignored

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An...

29 affected packages

tinc, vpnc, connman, gadmin-openvpn-client, gadmin-openvpn-server...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tinc Ignored Ignored Ignored Ignored
vpnc Ignored Ignored Ignored Ignored
connman Ignored Ignored Ignored Ignored
gadmin-openvpn-client Not in release Not in release Ignored Ignored
gadmin-openvpn-server Not in release Not in release Ignored Ignored
golang-github-apparentlymart-go-openvpn-mgmt Ignored Ignored Ignored
kvpnc Not in release Not in release Not in release Ignored
libreswan Ignored Ignored Ignored Ignored
mozillavpn Not in release Ignored Not in release
n2n Ignored Ignored Ignored Ignored
network-manager-fortisslvpn Ignored Ignored Ignored Ignored
network-manager-iodine Ignored Ignored Ignored Ignored
network-manager-l2tp Ignored Ignored Ignored Ignored
network-manager-openconnect Ignored Ignored Ignored Ignored
network-manager-openvpn Ignored Ignored Ignored Ignored
network-manager-pptp Ignored Ignored Ignored Ignored
network-manager-sstp Ignored Ignored Not in release
network-manager-strongswan Ignored Ignored Ignored Ignored
network-manager-vpnc Ignored Ignored Ignored Ignored
openconnect Ignored Ignored Ignored Ignored
openfortivpn Ignored Ignored Ignored Ignored
openvpn Ignored Ignored Ignored Ignored
pptp-linux Ignored Ignored Ignored Ignored
pptpd Not in release Ignored Ignored Ignored
quicktun Ignored Ignored Ignored Ignored
riseup-vpn Ignored Not in release Not in release
softether-vpn Ignored Ignored Not in release
sshuttle Ignored Ignored Ignored Ignored
wireguard Ignored Ignored Ignored Ignored

CVE-2023-6247

Medium priority
Not affected

The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing.

1 affected package

openvpn

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openvpn Not affected Not affected Not affected Not affected

CVE-2023-46850

Medium priority
Fixed

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavior, leaking memory buffers or remote execution when sending network buffers to a remote peer.

1 affected package

openvpn

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openvpn Not affected Not affected Not affected

CVE-2023-46849

Medium priority
Fixed

Using the --fragment option in certain configuration setups, OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.

1 affected package

openvpn

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openvpn Not affected Not affected Not affected