RLSA-2022:1975 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: fget: check that the fd still exists after getting a ref to it CVE-2021-4083 kernel: avoid cyclic entity chains due to malformed U...

Denial Of Service (DoS)

OpenVPN is vulnerable to denial of service. A buffer overflow exists when key-method 1 is used, possibly resulting in code execution...

CVE-2022-28575

It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU v7.4cu.2313b20191024 router, which allows attackers to execute arbitrary commands through a carefully constructed payload...

PT-2022-19083 · Totolink · Totolink A7100Ru

Name of the Vulnerable Software and Affected Versions: TOTOlink A7100RU version 7.4cu.2313 b20191024 Description: A command injection issue is found in the setopenvpnclientcfg interface, allowing attackers to execute arbitrary commands through a carefully constructed payload. Recommendations: For...

Debian: Security Advisory (DLA-2992-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2992-1] openvpn security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2992-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 03, 2022 https://wiki.debian.org/LTS -...

Debian DLA-2992-1 : openvpn - LTS security update

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2992 advisory. - OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code...

DLA-2992-1 openvpn - security update

Bulletin has no description...

Slackware: Security Advisory (SSA:2020-107-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Slackware: Security Advisory (SSA:2014-344-04)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Slackware: Security Advisory (SSA:2018-116-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Slackware: Security Advisory (SSA:2017-172-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-25166

An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters such as auth-user-pass. When this file is imported and the client attempts to validate the file path, it performs an open...

CVE-2022-25166

An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters such as auth-user-pass. When this file is imported and the client attempts to validate the file path, it performs an open...

CVE-2022-25166

An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters such as auth-user-pass. When this file is imported and the client attempts to validate the file path, it performs an open...

Design/Logic Flaw

An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters such as auth-user-pass. When this file is imported and the client attempts to validate the file path, it performs an open...

CVE-2022-25166

CVE-2022-25166 and CVE-2022-25165 affect Amazon AWS VPN Client 2.0.0. A crafted OpenVPN configuration file can trigger exposure of Net-NTLMv2 hashes and, in the TOCTOU case, allow injection of parameters outside the allow list, enabling an arbitrary file write as SYSTEM. CVE-25166 requires the us...

CVE-2022-25166

An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters such as auth-user-pass. When this file is imported and the client attempts to validate the file path, it performs an open...

OESA-2022-1612 openvpn security update

OpenVPN can be extended through the --plugin option, which provides possibilities to add specialized authentication, user accounting, packet filtering and related features. These plug-ins need to be written in C and provides a more low-level and information rich access to similar features as the...

Security Bulletin: IBM Cisco Switches and Directors vulnerable to Sweet32 Birthday attacks (CVE-2016-2183 CVE-2016-6329).

Summary IBM Cisco Switches and Directors vulnerable to Sweet32 Birthday attacks on 64-bit block ciphers in TLS and OpenVPN openssl ,redhat,openVPN Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in t...