Search CVE reports


Toggle filters

21 – 30 of 45 results


CVE-2020-11810

Low priority

Some fixes available 2 of 3

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel...

1 affected packages

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvpn Fixed Fixed Not affected
Show less packages

CVE-2020-8953

Medium priority
Not affected

OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).

1 affected packages

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvpn Not affected Not affected
Show less packages

CVE-2018-9336

Medium priority
Not affected

openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause...

1 affected packages

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvpn Not affected Not affected
Show less packages

CVE-2018-7544

Low priority
Ignored

** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this...

1 affected packages

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvpn Ignored Ignored
Show less packages

CVE-2017-12166

Low priority
Vulnerable

OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.

1 affected packages

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvpn Not affected Not affected Not affected Not affected Vulnerable
Show less packages

CVE-2017-7522

Medium priority
Not affected

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.

1 affected packages

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvpn Not affected
Show less packages

CVE-2017-7521

Medium priority
Fixed

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().

1 affected packages

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvpn Fixed
Show less packages

CVE-2017-7520

Medium priority
Fixed

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.

1 affected packages

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvpn Fixed
Show less packages

CVE-2017-7512

Medium priority
Not affected

Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to...

1 affected packages

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvpn Not affected
Show less packages

CVE-2017-7508

Medium priority
Fixed

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.

1 affected packages

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvpn Fixed
Show less packages