Lucene search
K

136 matches found

CNNVD
CNNVD
added 2023/08/22 12:0 a.m.5 views

OpenVPN 安全漏洞

OpenVPN is a software package for creating encrypted tunnels for Virtual Private Networks VPNs from the US-based OpenVPN, which uses the OpenSSL library to encrypt data and control information and allows the created VPN to be authenticated using a public key, an electronic certificate, or a...

7.5CVSS7.3AI score0.00687EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/07/26 12:0 a.m.6 views

PT-2023-5282 · Asus · Asus Rt-Ax88U

Name of the Vulnerable Software and Affected Versions: ASUS RT-AX88U affected versions not specified Description: The issue is related to the use of externally controllable format strings within the Advanced Open VPN function of the ASUS RT-AX88U router. An authenticated remote attacker can explo...

9CVSS8.4AI score0.00645EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/04/06 12:0 a.m.31 views

Amazon Linux AMI : openvpn (ALAS-2023-1719)

The version of openvpn installed on the remote host is prior to 2.4.12-1.43. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1719 advisory. OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of...

9.8CVSS7.3AI score0.03519EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:47 a.m.3 views

SUSE CVE-2017-7521

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extractx509extension...

7.5CVSS7.1AI score0.03855EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:47 a.m.3 views

SUSE CVE-2017-7522

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character...

6.5CVSS6.9AI score0.05539EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/01/20 12:0 a.m.6 views

CVE-2022-48125

TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function...

10AI score0.01958EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/11/25 12:0 a.m.7 views

CVE-2022-44844

TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function...

9.8AI score0.01958EPSS
Exploits1References1
Veracode
Veracode
added 2022/05/07 6:1 a.m.19 views

Denial Of Service (DoS)

OpenVPN is vulnerable to denial of service. A buffer overflow exists when key-method 1 is used, possibly resulting in code execution...

9.8CVSS4.1AI score0.03629EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/03/24 12:0 a.m.44 views

Ubuntu 18.04 LTS / 20.04 LTS : OpenVPN vulnerability (USN-5347-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5347-1 advisory. It was discovered that OpenVPN incorrectly handled certain configurations with multiple authentication plugins. A remote attacker could possibly use...

9.8CVSS7.4AI score0.03519EPSS
Exploits0References2
Redos
Redos
added 2021/09/08 12:0 a.m.31 views

ROS-2-448

2.448 Vulnerability in OpenVPN CVE-2020-11810 1. Vulnerability Description: A corrective release of the OpenVPN Virtual Private Networking Package 2.4.9 has been generated. The new version addresses a vulnerability CVE-2020-11810 that allows a client session to be transferred to a new IP address...

6.9AI score0.01609EPSS
Exploits1
Debian CVE
Debian CVE
added 2021/07/12 10:35 a.m.11 views

CVE-2021-3547

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration...

7.4CVSS7.5AI score0.00972EPSS
Exploits0
CNVD
CNVD
added 2021/07/05 12:0 a.m.7 views

OpenVPN suffers from an unspecified vulnerability (CNVD-2021-49155)

OpenVPN is a software package from the American company OpenVPN for creating encrypted tunnels for Virtual Private Networks VPNs, which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or...

7.8CVSS7AI score0.00344EPSS
Exploits0References1
CNVD
CNVD
added 2021/06/03 12:0 a.m.7 views

OpenVPN has an unspecified vulnerability

Openvpn OpenVPN is a software package from the American company OpenVPN Openvpn for creating encrypted tunnels for Virtual Private Networks VPNs, which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using a public key, an e-certificat...

7.8CVSS6.6AI score0.00358EPSS
Exploits0References1
NCSC
NCSC
added 2021/04/26 12:0 a.m.4 views

Vulnerability fixed in OpenVPN

A vulnerability has been fixed in OpenVPN. A malicious party could exploit the vulnerability to bypass authentication on an OpenVPN server configured to use "deferred authentication." Also, the malicious party can gain access gain access to information about the VPN settings. See the page below f...

7.5CVSS7.1AI score0.05107EPSS
Exploits0
OSV
OSV
added 2021/03/05 11:2 a.m.5 views

OESA-2021-1064 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

4.3CVSS6.9AI score0.01609EPSS
Exploits1References2
CNVD
CNVD
added 2021/02/19 12:0 a.m.3 views

Command Execution Vulnerability in OpenVPN

OpenVPN is a software package for creating encrypted channels for virtual private networks. OpenVPN has a command execution vulnerability that can be exploited by an attacker to elevate privileges...

7.3AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2020/04/27 12:0 a.m.7 views

The vulnerability of the OpenVPN software arises from insufficient validation of input data. This allows a hacker to redirect a client session to a new IP address and trigger a service failure.

The vulnerability of the OpenVPN software exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to redirect a client session to a new IP address and cause a service failure...

3.7CVSS6.6AI score0.01609EPSS
Exploits1References13Affected Software5
OSV
OSV
added 2017/10/18 8:19 p.m.10 views

MGASA-2017-0372 Updated openvpn packages fix security vulnerability

The bounds check in readkey was performed after using the value, instead of before. If 'key-method 1' is used, this allowed an attacker to send a malformed packet to trigger a stack buffer overflow. Note that 'key-method 1' has been replaced by 'key method 2' as the default in OpenVPN 2.0...

9.8CVSS9.4AI score0.03629EPSS
Exploits0References5
Broadcom
Broadcom
added 2017/08/25 12:0 a.m.5 views

BSA-2017-379

Security Advisory ID : BSA-2017-379 Component : OpenVPN Revision : 1.0: Interim OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker. Affected Products Brocade is investigating its product...

7.4CVSS6.9AI score0.0338EPSS
Exploits0
Broadcom
Broadcom
added 2017/08/25 12:0 a.m.6 views

BSA-2017-378

Security Advisory ID : BSA-2017-378 Component : OpenVPN Revision : 1.0: Interim OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. Affected Products Brocade is investigating its product lines to determine which products...

7.5CVSS7AI score0.04759EPSS
Exploits0
Rows per page
Query Builder