104 matches found
SUSE SLES16 Security Update : openvpn (SUSE-SU-2026:20196-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:20196-1 advisory. - CVE-2025-13086: Fixed improper validation of source IP addresses in OpenVPN that could lead to DoS bsc1254486. Tenable has extracted the...
Security update for openvpn (important)
openSUSE security update: security update for openvpn ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20137-1 Rating: important References: bsc1254486 Cross-References: CVE-2025-13086 CVSS scores: CVE-2025-13086 SUSE : 7.5...
OPENSUSE-SU-2026:20137-1 Security update for openvpn
This update for openvpn fixes the following issues: - CVE-2025-13086: Fixed improper validation of source IP addresses in OpenVPN that could lead to DoS bsc1254486...
SUSE-SU-2026:20196-1 Security update for openvpn
This update for openvpn fixes the following issues: - CVE-2025-13086: Fixed improper validation of source IP addresses in OpenVPN that could lead to DoS bsc1254486...
CVE-2025-13086
A flaw was found in OpenVPN. This vulnerability allows a denial of service DoS for the originating client via improper validation of source Internet Protocol IP addresses, allowing an attacker to open a session from a different IP address which did not initiate the connection. Mitigation Mitigati...
Server-Side Request Forgery (SSRF)
PowerJob is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of the targetIp and targetPort parameters in the checkConnectivity function of PingPongUtils, allowing attackers to trigger server-side network requests to arbitrary destinations...
CVE-2025-65513
fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery SSRF vulnerability, which allows attackers to bypass private IP validation and access internal network resources...
CVE-2025-65513
CVE-2025-65513 affects fetch-mcp v1.0.2 and earlier. The vulnerability is Server-Side Request Forgery (SSRF) that allows bypassing private IP validation to reach internal network resources. Reported root cause involves the is_ip_private logic in fetch-mcp server code (notably in the MCP fetch-ser...
OESA-2025-2778 openvpn security update
OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...
OESA-2025-2777 openvpn security update
OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...
CVE-2025-13086
Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7alpha1 through 2.7rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client...
ALPINE-CVE-2025-13086
Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7alpha1 through 2.7rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client...
Ubuntu: Security Advisory (USN-7898-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
WordPress BigBuy Dropshipping Connector for WooCommerce plugin IP address forgery vulnerability
WordPress BigBuy Dropshipping Connector for WooCommerce plugin is an open source plugin for the WordPress platform for WooCommerce e-commerce platform , support and BigBuy and other Dropshipping supplier docking , to achieve automatic synchronization of goods It supports interfacing with BigBuy a...
CVE-2025-12039
The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.0.5 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for...
EUVD-2025-198393
The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.0.5 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for...
UBUNTU-CVE-2025-13086
Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7alpha1 through 2.7rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client...
OpenVPN -- HMAC verification on source IP address ineffective
Arne Schwabe reports: Fix memcmp check for the hmac verification in the 3way handshake being inverted This is a stupid mistake but causes all hmac cookies to be accepted, thus breaking source IP address validation. As a consequence, TLS sessions can be openend and state can be consumed in the...
EUVD-2017-7104
Malware in sbrugna...
EUVD-2021-2458
Malware in sbrugna...