136 matches found
OpenVPN 安全漏洞
OpenVPN is a software package for creating encrypted tunnels for Virtual Private Networks VPNs from the US-based OpenVPN, which uses the OpenSSL library to encrypt data and control information and allows the created VPN to be authenticated using a public key, an electronic certificate, or a...
PT-2023-5282 · Asus · Asus Rt-Ax88U
Name of the Vulnerable Software and Affected Versions: ASUS RT-AX88U affected versions not specified Description: The issue is related to the use of externally controllable format strings within the Advanced Open VPN function of the ASUS RT-AX88U router. An authenticated remote attacker can explo...
Amazon Linux AMI : openvpn (ALAS-2023-1719)
The version of openvpn installed on the remote host is prior to 2.4.12-1.43. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1719 advisory. OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of...
SUSE CVE-2017-7521
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extractx509extension...
SUSE CVE-2017-7522
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character...
CVE-2022-48125
TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function...
CVE-2022-44844
TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function...
Denial Of Service (DoS)
OpenVPN is vulnerable to denial of service. A buffer overflow exists when key-method 1 is used, possibly resulting in code execution...
Ubuntu 18.04 LTS / 20.04 LTS : OpenVPN vulnerability (USN-5347-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5347-1 advisory. It was discovered that OpenVPN incorrectly handled certain configurations with multiple authentication plugins. A remote attacker could possibly use...
ROS-2-448
2.448 Vulnerability in OpenVPN CVE-2020-11810 1. Vulnerability Description: A corrective release of the OpenVPN Virtual Private Networking Package 2.4.9 has been generated. The new version addresses a vulnerability CVE-2020-11810 that allows a client session to be transferred to a new IP address...
CVE-2021-3547
OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration...
OpenVPN suffers from an unspecified vulnerability (CNVD-2021-49155)
OpenVPN is a software package from the American company OpenVPN for creating encrypted tunnels for Virtual Private Networks VPNs, which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or...
OpenVPN has an unspecified vulnerability
Openvpn OpenVPN is a software package from the American company OpenVPN Openvpn for creating encrypted tunnels for Virtual Private Networks VPNs, which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using a public key, an e-certificat...
Vulnerability fixed in OpenVPN
A vulnerability has been fixed in OpenVPN. A malicious party could exploit the vulnerability to bypass authentication on an OpenVPN server configured to use "deferred authentication." Also, the malicious party can gain access gain access to information about the VPN settings. See the page below f...
OESA-2021-1064 openvpn security update
OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...
Command Execution Vulnerability in OpenVPN
OpenVPN is a software package for creating encrypted channels for virtual private networks. OpenVPN has a command execution vulnerability that can be exploited by an attacker to elevate privileges...
The vulnerability of the OpenVPN software arises from insufficient validation of input data. This allows a hacker to redirect a client session to a new IP address and trigger a service failure.
The vulnerability of the OpenVPN software exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to redirect a client session to a new IP address and cause a service failure...
MGASA-2017-0372 Updated openvpn packages fix security vulnerability
The bounds check in readkey was performed after using the value, instead of before. If 'key-method 1' is used, this allowed an attacker to send a malformed packet to trigger a stack buffer overflow. Note that 'key-method 1' has been replaced by 'key method 2' as the default in OpenVPN 2.0...
BSA-2017-379
Security Advisory ID : BSA-2017-379 Component : OpenVPN Revision : 1.0: Interim OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker. Affected Products Brocade is investigating its product...
BSA-2017-378
Security Advisory ID : BSA-2017-378 Component : OpenVPN Revision : 1.0: Interim OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. Affected Products Brocade is investigating its product lines to determine which products...