Lucene search
+L

325 matches found

OSV
OSV
added 2026/07/08 4:36 p.m.3 views

MGASA-2026-0236 Updated openvpn packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Possible 1-byte buffer overrun on NTLMv2 proxy responses. CVE-2026-11771 Memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes. CVE-2026-12932 Use-after-free bug in ackwritebuf,...

7.5CVSS7.1AI score0.00549EPSS
Exploits0References5
NVD
NVD
added 2026/07/06 4:16 p.m.8 views

CVE-2026-13122

OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...

5.9CVSS0.00487EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 4:16 p.m.5 views

ALPINE-CVE-2026-13122

OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...

5.3CVSS6.1AI score0.00487EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 2:32 p.m.6 views

EUVD-2026-41880

OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...

5.9CVSS6AI score0.00487EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 2:32 p.m.38 views

CVE-2026-13122

OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...

5.9CVSS0.00487EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/07/06 2:32 p.m.7 views

CVE-2026-13122

OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...

5.9CVSS6AI score0.00487EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 2:32 p.m.21 views

CVE-2026-13122

Summary: CVE-2026-13122 affects OpenVPN up to v2.6.20 and v2.7.4 (including 2.7_alpha1–2.7.4). A malformed authentication token, when external-auth is enabled, can trigger a reachable assertion and cause a denial of service. Impact: Denial of service; vulnerability affects remote attacker exploit...

5.9CVSS6AI score0.00487EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 2:32 p.m.13 views

CVE-2026-13122

OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...

5.9CVSS6AI score0.00487EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55942

Name of the Vulnerable Software and Affected Versions OpenVPN versions 2.6.0 through 2.6.20 OpenVPN versions 2.7 alpha1 through 2.7.4 Description A remote attacker can cause a denial of service when the external-auth feature is enabled. This occurs by sending a malformed authentication token that...

5.9CVSS6.1AI score0.00487EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.12 views

CVE-2026-6736

An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...

6.5CVSS5.5AI score0.00266EPSS
Exploits0References1
NVD
NVD
added 2026/05/22 4:16 p.m.17 views

CVE-2026-9245

Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redirect victims to an attacker-controlled domain via a crafted login link. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions...

5CVSS0.00169EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/22 3:24 p.m.16 views

EUVD-2026-31459

Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redirect victims to an attacker-controlled domain via a crafted login link. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions...

5CVSS5.8AI score0.00169EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/22 3:24 p.m.10 views

CVE-2026-9245

Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redirect victims to an attacker-controlled domain via a crafted login link. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions...

5.8AI score0.00169EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/22 3:24 p.m.14 views

CVE-2026-9245

Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redirect victims to an attacker-controlled domain via a crafted login link. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions...

0.00169EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server from 2026.1.6.0 to 2026.1.16.0, as well as versions prior to 2025.3.20.0, have security...

5CVSS5.9AI score0.00169EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.15 views

PT-2026-42791

Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redirect victims to an attacker-controlled domain via a crafted login link. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions...

5.8AI score0.00169EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 7:12 p.m.28 views

EUVD-2026-30607

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP and OAuth authentication flows use a TOCTOU Time-of-Check-Time-of-Use pattern for first-user admin role assignment. The regular signup handler signuphandler in auths.py, line...

8.1CVSS5.9AI score0.00354EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/08 12:31 a.m.11 views

EUVD-2026-28461

An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...

6.3CVSS5.8AI score0.00266EPSS
Exploits0References6
NVD
NVD
added 2026/05/07 10:16 p.m.14 views

CVE-2026-6736

An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...

6.5CVSS0.00266EPSS
Exploits0References5
CVE
CVE
added 2026/05/07 9:14 p.m.20 views

CVE-2026-6736

CVE-2026-6736 describes an authentication bypass in GitHub Enterprise Server (GHES) : when external authentication is enabled, the signup endpoint could create a local user account and establish a session without validating the external identity provider. This unauthenticated access required netw...

6.5CVSS5.8AI score0.00266EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder