Lucene search
K

2382 matches found

BDU FSTEC
BDU FSTEC
added 2021/07/13 12:0 a.m.4 views

The vulnerability of the OpenSSL library used in OpenVPN software allows a hacker to execute arbitrary code.

The vulnerability of the OpenSSL library used in OpenVPN software is related to errors in the path validation mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7.8CVSS7.5AI score0.00344EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/07/12 8:26 p.m.2 views

MGASA-2021-0344 Updated webmin package fixes security vulnerability

The webmin package has been updated to version 1.979, which has fixes for handling un-trusted inputs in the Network Configuration module. Also, the openvpn module has been updated to version 3.2...

7AI score
Exploits0References4
Mageia
Mageia
added 2021/07/12 8:26 p.m.24 views

Updated webmin package fixes security vulnerability

The webmin package has been updated to version 1.979, which has fixes for handling un-trusted inputs in the Network Configuration module. Also, the openvpn module has been updated to version 3.2...

3.2AI score
Exploits0References3
NVD
NVD
added 2021/07/12 11:15 a.m.13 views

CVE-2021-3547

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration...

7.4CVSS0.00972EPSS
Exploits0References2
OSV
OSV
added 2021/07/12 11:15 a.m.22 views

CVE-2021-3547

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration...

7.4CVSS7AI score0.00972EPSS
Exploits0References2
Prion
Prion
added 2021/07/12 11:15 a.m.17 views

Design/Logic Flaw

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration...

5.8CVSS7.5AI score0.00972EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/07/12 11:15 a.m.3 views

CVE-2021-3547

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration...

7.4CVSS5.5AI score0.00972EPSS
Exploits0References3
CVE
CVE
added 2021/07/12 10:35 a.m.64 views

CVE-2021-3547

OpenVPN 3 Core Library versions 3.6–3.6.1 are affected by a vulnerability that lets a man-in-the-middle bypass certificate authentication by issuing an unrelated server certificate that uses the same hostname as configured in verify-x509-name. This is a client-side trust management issue in certi...

7.4CVSS7.4AI score0.00972EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/07/12 10:35 a.m.17 views

CVE-2021-3547

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration...

7.7AI score0.00972EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2021/07/12 10:35 a.m.9 views

CVE-2021-3547

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration...

7.4CVSS7.5AI score0.00972EPSS
Exploits0
NCSC
NCSC
added 2021/07/12 12:0 a.m.3 views

Vulnerability fixed in OpenVPN

A vulnerability has been fixed in OpenVPN. The vulnerability allows a malicious party in a Man-in-the-Middle position to be able to bypass certificate-based authentication. To do so the malicious party must generate its own server certificate containing containing the hostname as it appears in th...

7.4CVSS6.9AI score0.00972EPSS
Exploits0
CNNVD
CNNVD
added 2021/07/12 12:0 a.m.4 views

OpenVPN 信任管理问题漏洞

OpenVPN is a software package for creating virtual private network VPN encrypted tunnels from US-based OpenVPN, which uses the OpenSSL library to encrypt data and control information and allows the created VPN to be authenticated using a public key, an electronic certificate, or a...

7.4CVSS7.2AI score0.00972EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/07/12 12:0 a.m.6 views

PT-2021-20922 · Openvpn · Openvpn 3 Core Library

Name of the Vulnerable Software and Affected Versions: OpenVPN 3 Core Library versions 3.6 through 3.6.1 Description: The issue allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the...

7.4CVSS7.4AI score0.00972EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2021/07/07 12:0 a.m.4 views

The vulnerability of the software used to create the private virtual network astra-openvpn-server lies in errors in the authentication process, which allow a perpetrator to cause service interruptions.

The software vulnerability related to the creation of a private virtual network, astra-openvpn-server, is caused by an error in certificate rehydration. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

4CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/07/07 12:0 a.m.5 views

The vulnerability of the software used to create the private virtual network astra-openvpn-server, related to its configuration, allows a hacker to trigger a service failure.

The vulnerability of the software used to create the private virtual network astra-openvpn-server is related to incorrect configuration of IP addresses. Exploiting this vulnerability allows a malicious actor to cause service interruptions...

2.8CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/07/07 12:0 a.m.6 views

The vulnerability of the software for creating a private virtual network, astra-openvpn-server, relates to the bypass of authentication due to a fundamental error. This allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the software used to create the private virtual network astra-openvpn-serve is related to the improper creation of certificates, which are generated without authentication parameters. Exploiting this vulnerability allows a malicious actor to gain access to confidential data,...

6CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/07/07 12:0 a.m.4 views

The vulnerability of the software for creating a private virtual network, astra-openvpn-server, related to code errors, allows a intruder to trigger a service failure.

The vulnerability of the software used to create the private virtual network astra-openvpn-server is related to a code error that prevents the /etc/openvpn/keys/ directory from being created. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

3.5CVSS5.6AI score
Exploits0References1Affected Software1
CNVD
CNVD
added 2021/07/06 12:0 a.m.17 views

Unspecified Vulnerability in OpenVPN Connect

Openvpn OpenVPN Connect is a VPN Virtual Private Network client application from the American company OpenVPN Openvpn. A security vulnerability exists in OpenVPNConnect 3.2.0 through 3.3.0 that allows a local user to load arbitrary dynamically loadable libraries if present via an OpenSSL...

7.8CVSS6.7AI score0.00568EPSS
Exploits0References1
CNVD
CNVD
added 2021/07/05 12:0 a.m.7 views

OpenVPN suffers from an unspecified vulnerability (CNVD-2021-49155)

OpenVPN is a software package from the American company OpenVPN for creating encrypted tunnels for Virtual Private Networks VPNs, which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or...

7.8CVSS7AI score0.00344EPSS
Exploits0References1
Rosalinux
Rosalinux
added 2021/07/02 5:39 p.m.21 views

Advisory ROSA-SA-2021-1940

Software: openvpn 2.4.9 OS: Cobalt 7.9 CVE-ID: CVE-2020-11462 CVE-Crit: HIGH CVE-DESC: The issue was found in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. When the full-featured RPC2 interface is enabled, a temporary management interface DoS state can be reached when sending an XML...

9.8CVSS7.3AI score0.02251EPSS
Exploits0
Rows per page
Query Builder