SUSE SLED15 / SLES15 Security Update : openvpn (SUSE-SU-2021:1577-1)

This update for openvpn fixes the following issues : CVE-2020-15078: Fixed authentication bypass with deferred authentication bsc1185279. CVE-2020-11810: Fixed race condition between allocating peer-id and initializing data channel key bsc1169925. CVE-2018-7544: Fixed cross-protocol scripting iss...

SUSE-SU-2021:1577-1 Security update for openvpn

This update for openvpn fixes the following issues: - CVE-2020-15078: Fixed authentication bypass with deferred authentication bsc1185279. - CVE-2020-11810: Fixed race condition between allocating peer-id and initializing data channel key bsc1169925. - CVE-2018-7544: Fixed cross-protocol scriptin...

SUSE-SU-2021:1576-1 Security update for openvpn

This update for openvpn fixes the following issues: - CVE-2020-15078: Fixed authentication bypass with deferred authentication bsc1185279. - CVE-2018-7544: Fixed cross-protocol scripting issue that was discovered in the management interface bsc1085803...

SUSE-SU-2021:14723-1 Security update for openvpn-openssl1

This update for openvpn-openssl1 fixes the following issues: - CVE-2020-15078: Fixed authentication bypass with deferred authentication bsc1185279. - CVE-2018-7544: Fixed cross-protocol scripting issue that was discovered in the management interface bsc1085803...

VPN protocols explained and compared

A Virtual Private Network VPN creates a safe "tunnel" between you and a computer you trust normally your VPN provider to protect your traffic from spying and manipulation. Any VPN worth its money encrypts the information that passes through it, so in this article we will ignore those that dont us...

Ubuntu: Security Advisory (USN-4933-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-27518

All versions of Windscribe VPN for Mac and Windows = v2.02.10 contain a local privilege escalation vulnerability in the WindscribeService component. A low privilege user could leverage several openvpn options to execute code as root/SYSTEM...

Privilege escalation

All versions of Windscribe VPN for Mac and Windows = v2.02.10 contain a local privilege escalation vulnerability in the WindscribeService component. A low privilege user could leverage several openvpn options to execute code as root/SYSTEM...

CVE-2020-27518

All versions of Windscribe VPN for Mac and Windows = v2.02.10 contain a local privilege escalation vulnerability in the WindscribeService component. A low privilege user could leverage several openvpn options to execute code as root/SYSTEM...

USN-4933-1: OpenVPN vulnerabilities

It was discovered that OpenVPN incorrectly handled certain data channel v2 packets. A remote attacker could possibly use this issue to inject packets using a victim's peer-id. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-11810 It was discovered that OpenVPN incorrectly...

USN-4933-1 openvpn vulnerabilities

It was discovered that OpenVPN incorrectly handled certain data channel v2 packets. A remote attacker could possibly use this issue to inject packets using a victim's peer-id. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-11810 It was discovered that OpenVPN incorrectly...

Ubuntu 18.04 LTS / 20.04 LTS : OpenVPN vulnerabilities (USN-4933-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4933-1 advisory. It was discovered that OpenVPN incorrectly handled certain data channel v2 packets. A remote attacker could possibly use this issue to inject...

Fedora: Security Advisory for openvpn (FEDORA-2021-d6b9d8497b)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2020-27519

Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and...

CVE-2020-27519

Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and...

Privilege escalation

Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and...

CVE-2020-27519

Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and...

CVE-2020-27519

CVE-2020-27519 affects Pritunl Client v1.2.2550.20, with a local privilege-escalation in the pritunl-service component. The attack vector is a malicious OpenVPN config; a local attacker can abuse log and log-append with log injection to create or append to privileged script files and execute code...

pritunl 安全漏洞

pritunl is a distributed enterprise vpn service based on the Open VPN protocol for individual developers. The product provides visualization of vpn connection status. A security vulnerability exists in Pritunl Client v1.2.2550.20, which can be exploited by a local attacker with a malicious openvp...

Information Disclosure

openvpn is vulnerable to information disclosure. An attacker is able to bypass authorization and authentication controls on servers configured with deferred authentication to obtain confidential information...