Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2380 matches found

OSV
OSVadded 2020/05/04 2:15 p.m.3 views

CVE-2020-11462

An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface when sending an XML Entity Expansion XEE payload to the XMLRPC based RPC2 interface. The...

7.5CVSS5.8AI score0.01251EPSS
Exploits0References1
Prion
Prionadded 2020/05/04 2:15 p.m.14 views

Design/Logic Flaw

An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface when sending an XML Entity Expansion XEE payload to the XMLRPC based RPC2 interface. The...

4.3CVSS7.5AI score0.01251EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2020/05/04 1:45 p.m.14 views

CVE-2020-11462

An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface when sending an XML Entity Expansion XEE payload to the XMLRPC based RPC2 interface. The...

8AI score0.01251EPSS
Exploits0References1
CVE
CVEadded 2020/05/04 1:45 p.m.55 views

CVE-2020-11462

CVE-2020-11462 affects OpenVPN Access Server prior to 2.7.0 and 2.8.x prior to 2.8.3. When the full-featured RPC2 interface is enabled, sending an XML Entity Expansion (XEE) payload to the XMLRPC-based RPC2 interface can trigger a temporary DoS on the management interface. The DoS duration depend...

7.5CVSS7.6AI score0.01251EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessusadded 2020/05/04 12:0 a.m.32 views

Fedora 30 : openvpn (2020-969414e05b)

Update to latest upstream OpenVPN 2.4.9 release. It contains a security fix for CVE-2020-11810. This security issue is quite hard to abuse, requiring a fairly precise timing attack combined with guessing a just assigned peer-id reference. If successful, only a single client just initiating a new...

4.3CVSS6.5AI score0.01609EPSS
Exploits1References2
Fedora
Fedoraadded 2020/05/03 4:41 a.m.37 views

[SECURITY] Fedora 30 Update: openvpn-2.4.9-1.fc30

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

4.3CVSS1.5AI score0.01609EPSS
Exploits1
OpenVAS
OpenVASadded 2020/04/30 12:0 a.m.30 views

Fedora: Security Advisory for openvpn (FEDORA-2020-e56f2deb30)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

4.3CVSS4.6AI score0.01609EPSS
Exploits1References2
OpenVAS
OpenVASadded 2020/04/30 12:0 a.m.57 views

Fedora: Security Advisory for openvpn (FEDORA-2020-c1cb4ebcd9)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

4.3CVSS4.6AI score0.01609EPSS
Exploits1References2
Fedora
Fedoraadded 2020/04/29 2:13 a.m.32 views

[SECURITY] Fedora 32 Update: openvpn-2.4.9-1.fc32

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

4.3CVSS1.5AI score0.01609EPSS
Exploits1
NVD
NVDadded 2020/04/27 3:15 p.m.18 views

CVE-2020-11810

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be...

4.3CVSS4.3AI score0.01609EPSS
Exploits1References8
OSV
OSVadded 2020/04/27 3:15 p.m.1 views

DEBIAN-CVE-2020-11810

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be...

3.7CVSS6.9AI score0.01609EPSS
Exploits1References1
OSV
OSVadded 2020/04/27 3:15 p.m.23 views

CVE-2020-11810

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be...

3.7CVSS6.6AI score0.01609EPSS
Exploits1References8
OSV
OSVadded 2020/04/27 3:15 p.m.1 views

ALPINE-CVE-2020-11810

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be...

3.7CVSS6.9AI score0.01609EPSS
Exploits1References1
UbuntuCve
UbuntuCveadded 2020/04/27 3:15 p.m.27 views

CVE-2020-11810

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be...

4.3CVSS6.7AI score0.01609EPSS
Exploits1References2
Prion
Prionadded 2020/04/27 3:15 p.m.25 views

Code injection

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be...

4.3CVSS4.2AI score0.01609EPSS
Exploits1References8Affected Software3
OSV
OSVadded 2020/04/27 3:15 p.m.6 views

UBUNTU-CVE-2020-11810

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be...

3.7CVSS6.8AI score0.01609EPSS
Exploits1References3
Cvelist
Cvelistadded 2020/04/27 2:47 p.m.20 views

CVE-2020-11810

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be...

4.2AI score0.01609EPSS
Exploits1References8
CVE
CVEadded 2020/04/27 2:47 p.m.234 views

CVE-2020-11810

OpenVPN 2.4.x prior to 2.4.9 is affected by CVE-2020-11810. An attacker can inject a P_DATA_V2 data channel packet using a victim’s peer-id, potentially dropping the victim’s connection if the packet arrives before data channel crypto parameters are initialized. The attack relies on a small timin...

4.3CVSS4.1AI score0.01609EPSS
Exploits1References8Affected Software1
Debian CVE
Debian CVEadded 2020/04/27 2:47 p.m.23 views

CVE-2020-11810

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be...

4.3CVSS6.2AI score0.01609EPSS
Exploits1
AlpineLinux
AlpineLinuxadded 2020/04/27 2:47 p.m.33 views

CVE-2020-11810

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be...

4.3CVSS4.4AI score0.01609EPSS
Exploits1
Rows per page
Query Builder