
62 matches found

Tenable Nessus
added 2021/05/13 12:0 a.m. · 39 views

SUSE SLED15 / SLES15 Security Update : openvpn (SUSE-SU-2021:1577-1)

This update for openvpn fixes the following issues : CVE-2020-15078: Fixed authentication bypass with deferred authentication bsc1185279. CVE-2020-11810: Fixed race condition between allocating peer-id and initializing data channel key bsc1169925. CVE-2018-7544: Fixed cross-protocol scripting iss...

9.1 CVSS · 6.4 AI score · 0.05107 EPSS
Exploits 2 · References 10

Prion
added 2018/03/16 3:29 p.m. · 19 views

Input validation

DISPUTED A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensiti...

6.4 CVSS · 9.3 AI score · 0.01899 EPSS
Exploits 1 · References 1 · Affected Software 1

UbuntuCve
added 2018/03/16 3:29 p.m. · 19 views

CVE-2018-7544

A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive...

9.1 CVSS · 7.1 AI score · 0.01899 EPSS
Exploits 1 · References 2

NVD
added 2018/03/16 3:29 p.m. · 20 views

CVE-2018-7544

A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive...

9.1 CVSS · 8.9 AI score · 0.01899 EPSS
Exploits 1 · References 1

OSV
added 2018/03/16 3:29 p.m. · 0 views

DEBIAN-CVE-2018-7544

A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive...

9.1 CVSS · 7.2 AI score · 0.01899 EPSS
Exploits 1 · References 1

OSV
added 2018/03/16 3:29 p.m. · 3 views

UBUNTU-CVE-2018-7544

A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive...

9.1 CVSS · 7 AI score · 0.01899 EPSS
Exploits 1 · References 3

Vulnrichment
added 2018/03/16 3:0 p.m. · 5 views

CVE-2018-7544

A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive...

7.5 AI score · 0.01899 EPSS
Exploits 1 · References 1

Cvelist
added 2018/03/16 3:0 p.m. · 27 views

CVE-2018-7544

A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive...

8 AI score · 0.01899 EPSS
Exploits 1 · References 1

CVE
added 2018/03/16 3:0 p.m. · 158 views

CVE-2018-7544

CVE-2018-7544 affects OpenVPN up to 2.4.5 where the management interface, if exposed over TCP without authentication and no clients connected, allows cross-protocol scripting via XMLHttpRequest to localhost:23000. An attacker can issue arbitrary management commands, exfiltrate data, or trigger a ...

9.1 CVSS · 7.9 AI score · 0.01899 EPSS
Exploits 1 · References 1 · Affected Software 1

Debian CVE
added 2018/03/16 3:0 p.m. · 30 views

CVE-2018-7544

Removed by vendor...

9.1 CVSS · 7.4 AI score · 0.01899 EPSS
Exploits 1

Positive Technologies
added 2018/03/16 12:0 a.m. · 2 views

PT-2018-18148 · Openvpn +3 · Openvpn +3

Name of the Vulnerable Software and Affected Versions: OpenVPN versions through 2.4.5 Description: A cross-protocol scripting issue was discovered in the management interface of OpenVPN. When this interface is enabled over TCP without a password and no other clients are connected, attackers can...

9.1 CVSS · 8 AI score · 0.05107 EPSS
Exploits 3 · References 39

Debian
added 2018/01/22 2:43 a.m. · 24 views

[SECURITY] [DSA 4093-1] openocd security update

Debian Security Advisory DSA-4093-1 [email protected] https://www.debian.org/security/ January 21, 2018 https://www.debian.org/security/faq ...

9.3 CVSS · 1.2 AI score · 0.04582 EPSS
Exploits 1

Debian
added 2018/01/22 2:43 a.m. · 25 views

[SECURITY] [DSA 4093-1] openocd security update

Debian Security Advisory DSA-4093-1 [email protected] https://www.debian.org/security/ January 21, 2018 https://www.debian.org/security/faq ...

9.6 CVSS · 9.3 AI score · 0.04582 EPSS
Exploits 1

Tenable Nessus
added 2018/01/22 12:0 a.m. · 26 views

Debian DSA-4093-1 : openocd - security update

Josef Gajdusek discovered that OpenOCD, a JTAG debugger for ARM and MIPS, was vulnerable to Cross Protocol Scripting attacks. An attacker could craft an HTML page that, when visited by a victim running OpenOCD, could execute arbitrary commands on the victim's host. This fix also sets the OpenOCD...

9.6 CVSS · 8.6 AI score · 0.04582 EPSS
Exploits 1 · References 6

Tenable Nessus
added 2018/01/22 12:0 a.m. · 26 views

Debian DLA-1253-1 : openocd security update

OpenOCD, an on-chip JTAG debug solution for ARM and MIPS systems, does not block attempts to use HTTP POST for sending data to localhost, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted website. For Debian 7...

9.6 CVSS · 8.8 AI score · 0.04582 EPSS
Exploits 1 · References 3

Debian
added 2018/01/21 7:54 p.m. · 21 views

[SECURITY] [DLA 1253-1] openocd security update

Package: openocd; Version: 0.5.0-1+deb7u1; CVE ID: CVE-2018-5704; Debian Bug: 887488. OpenOCD, an on-chip JTAG debug solution for ARM and MIPS systems, does not block attempts to use HTTP POST for sending data to localhost, which allows remote attackers to conduct cross-protocol scripting attacks...

9.6 CVSS · 9.6 AI score · 0.04582 EPSS
Exploits 1

OpenVAS
added 2018/01/21 12:0 a.m. · 18 views

Debian: Security Advisory (DLA-1253-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.6 CVSS · 9.4 AI score · 0.04582 EPSS
Exploits 1 · References 3

OpenVAS
added 2018/01/20 12:0 a.m. · 37 views

Debian: Security Advisory (DSA-4093-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.6 CVSS · 9.4 AI score · 0.04582 EPSS
Exploits 1 · References 4

UbuntuCve
added 2018/01/16 9:29 a.m. · 23 views

CVE-2018-5704

Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...

9.6 CVSS · 7.2 AI score · 0.04582 EPSS
Exploits 1 · References 5

Prion
added 2018/01/16 9:29 a.m. · 18 views

Design/Logic Flaw

Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...

9.3 CVSS · 9 AI score · 0.04582 EPSS
Exploits 1 · References 3 · Affected Software 2