CVE-2023-28971
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescaledb feature of Juniper Networks Paragon Active Assurance (PAA) (Formerly Netrounds) allows an attacker to bypass existing firewall rules and limitations used to restrict internal communications. The Tes...
Design/Logic Flaw
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescaledb feature of Juniper Networks Paragon Active Assurance (PAA) (Formerly Netrounds) allows an attacker to bypass existing firewall rules and limitations used to restrict internal communications. The Tes...
CVE-2023-28971
CVE-2023-28971 affects on‑prem Juniper Networks Paragon Active Assurance prior to 4.1.2. When the optional timescaledb feature is installed, starting its container can bypass existing firewall rules limiting Test Agent (TA) communications to the Control Center (CC) via OpenVPN, enabling internal ...
CVE-2023-24181
LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm...
CVE-2023-24181
LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm...
Cross site scripting
LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm...
OpenWrt LuCI Cross-Site Scripting Vulnerability
OpenWrt LuCI is a graphical configuration interface for the OpenWrt Linux distribution. A security vulnerability exists in OpenWrt LuCI, which was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm...
CVE-2023-24181
LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm...
PT-2023-19461 · Luci · Luci
Name of the Vulnerable Software and Affected Versions: LuCI openwrt-22.03 branch git-22.361.69894-438c598. Description: A reflected cross-site scripting (XSS) issue was found in LuCI via the component "/openvpn/pageswitch.htm". This allows for potential XSS attacks. Recommendations: For LuCI...
Amazon Linux AMI : openvpn (ALAS-2023-1719)
The version of openvpn installed on the remote host is prior to 2.4.12-1.43. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1719 advisory. OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of...
Low: openvpn
Issue Overview: OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...
Debian: Security Advisory (DLA-98-1)
The remote host is missing an update for the Debian...
K30315990: OpenVPN vulnerability CVE-2016-6329
Security Advisory Description OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attac...
K63104801: OpenVPN vulnerabilities CVE-2017-7508, CVE-2017-7520, CVE-2017-7521, and CVE-2017-7522
Security Advisory Description CVE-2017-7508 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. CVE-2017-7520 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive...
SUSE CVE-2005-2531
OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial o...
SUSE CVE-2005-2533
OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (memory exhaustion) via a flood of packets with a large number of spoofed MAC addresses...
SUSE CVE-2005-2532
OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted...
SUSE CVE-2005-2534
Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate...
SUSE CVE-2005-3393
Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option...
SUSE CVE-2005-3409
OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler...