2423 matches found
OpenVPN Access Server 2.1.4 - CRLF Injection
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATHINFO to sessionstart/. id:...
CVE-2026-15204
A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415B20250515/9.1.0cu.2350B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in path traversal. The attack may be launched...
CVE-2026-15204
TOTOLINK X5000R is affected by CVE-2026-15204. The OpenVPN Export feature (file /web/cgi-bin/cstecgi.cgi, function exportOvpn) is vulnerable to path traversal. The vulnerability can be exploited remotely. Details in connected records identify the affected product/version (9.1.0cu.2415_B20250515/9...
EUVD-2026-42660
A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415B20250515/9.1.0cu.2350B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in path traversal. The attack may be launched...
CVE-2026-15204 TOTOLINK X5000R OpenVPN Export cstecgi.cgi exportOvpn path traversal
A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415B20250515/9.1.0cu.2350B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in path traversal. The attack may be launched...
CVE-2025-3110
A flaw in OpenVPN Access Server allows remote attackers to smuggle HTTP requests when the server operates behind a reverse proxy. The issue stems from the server accepting unstandardized bare line-feed sequences in HTTP headers. Mitigation To mitigate this issue, ensure that any reverse proxy...
OpenVPN 2.6.0 < 2.6.21 / 2.7.x < 2.7.5 Multiple Vulnerabilities
According to its self-reported version number, the version of OpenVPN installed on the remote Windows host is affected by multiple vulnerabilities: - A use-after-free bug in ackwritebuf, triggerable by a well-timed sequence of control channel and authentication packets. CVE-2026-12996 - A...
OpenVPN 2.5.0 < 2.5.12 / 2.6.0 < 2.6.21 / 2.7.x < 2.7.5 Memory Leak DoS
According to its self-reported version number, the version of OpenVPN installed on the remote Windows host is affected by a denial of service vulnerability: - A memory leak in tls-crypt-v2 client key handling allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a deni...
CVE-2025-3110
OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy...
Updated openvpn packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Possible 1-byte buffer overrun on NTLMv2 proxy responses. CVE-2026-11771 Memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes. CVE-2026-12932 Use-after-free bug in ackwritebuf,...
CVE-2025-3110
OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy...
CVE-2025-3110
CVE-2025-3110 affects OpenVPN Access Server 2.7.2 through 3.1.0, where the server accepts bare line-feed sequences inside HTTP header values, enabling HTTP request smuggling when deployed behind a reverse proxy. Red Hat’s advisory notes this flaw stems from unstandardized LF handling in HTTP head...
EUVD-2025-210441
OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy...
CVE-2026-13122
OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...
CVE-2026-13698
A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service...
CVE-2026-13122
OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...
CVE-2026-13122
OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...
CVE-2026-13122
OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...
EUVD-2026-41880
OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...
CVE-2026-13122
Summary: CVE-2026-13122 affects OpenVPN up to v2.6.20 and v2.7.4 (including 2.7_alpha1–2.7.4). A malformed authentication token, when external-auth is enabled, can trigger a reachable assertion and cause a denial of service. Impact: Denial of service; vulnerability affects remote attacker exploit...