
2376 matches found

RedhatCVE
added 2025/05/16 12:57 a.m. · 12 views

CVE-2024-54780

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting...

CVSS 8.8 · AI score 7.5 · EPSS 0.11592
Exploits: 1 · References: 1

OSV
added 2025/05/14 2:15 p.m. · 0 views

CVE-2024-54780

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting...

CVSS 8.8 · AI score 5.9 · EPSS 0.11592
Exploits: 1 · References: 2

NVD
added 2025/05/14 2:15 p.m. · 8 views

CVE-2024-54780

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting...

CVSS 8.8 · EPSS 0.11592
Exploits: 1 · References: 2

CNNVD
added 2025/05/14 12:0 a.m. · 2 views

Netgate pfSense CE code injection vulnerability

Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate that supports enterprise-class network security and network management features. A security vulnerability exists in Netgate pfSense CE prior to version 2.8.0 beta, which stems from improperly cleaned user...

CVSS 8.8 · AI score 8.8 · EPSS 0.11592
Exploits: 1 · References: 5

Vulnrichment
added 2025/05/14 12:0 a.m. · 7 views

CVE-2024-54780

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting...

AI score 9 · EPSS 0.11592
Exploits: 1 · References: 2

Cvelist
added 2025/05/14 12:0 a.m. · 11 views

CVE-2024-54780

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting...

EPSS 0.11592
Exploits: 1 · References: 2

Positive Technologies
added 2025/05/14 12:0 a.m. · 3 views

PT-2025-21162 · Unknown +1 · Pfsense Ce +1

Name of the Vulnerable Software and Affected Versions: pfSense CE versions prior to 2.8.0 beta release; corresponding Plus builds versions prior to 2.8.0 beta release. Description: The issue is related to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to...

CVSS 8.8 · AI score 9.5 · EPSS 0.11592
Exploits: 1 · References: 9

CVE
added 2025/05/14 12:0 a.m. · 73 views

CVE-2024-54780

CVE-2024-54780 affects Netgate pfSense CE (prior to 2.8.0 beta) and corresponding Plus builds. The vulnerability is a command-injection flaw in the OpenVPN widget caused by improper sanitization of user-supplied input to the OpenVPN management interface, enabling an authenticated attacker to inje...

CVSS 8.8 · AI score 7.6 · EPSS 0.11592
Exploits: 1 · References: 2 · Affected Software: 2

Amazon
added 2025/05/13 12:0 a.m. · 2 views

Medium: openvpn

Issue Overview: OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase (CVE-2025-2704). Affected Packages: openvpn. Issue Correction: Run dnf update openvpn...

CVSS 7.5 · AI score 6.9 · EPSS 0.00784
Exploits: 0

Amazon
added 2025/05/13 12:0 a.m. · 3 views

Medium: openvpn

Issue Overview: OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase (CVE-2025-2704). Affected Packages: openvpn. Issue Correction: Run dnf update openvpn...

CVSS 7.5 · AI score 7 · EPSS 0.00784
Exploits: 0

Redos
added 2025/05/13 12:0 a.m. · 33 views

ROS-2-652

2.652 OpenVPN Authentication Bypass CVE-2020-15078 1. Vulnerability Description: The vulnerability allows a remote attacker to bypass authentication and access restrictions to leak VPN configuration data. The issue only occurs on servers that are configured to use deferredauth. Under certain...

CVSS 7.5 · AI score 7.7 · EPSS 0.05107
Exploits: 0

Tenable Nessus
added 2025/05/13 12:0 a.m. · 6 views

Amazon Linux 2023 : openvpn, openvpn-devel (ALAS2023-2025-967)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-967 advisory. OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...

CVSS 7.5 · AI score 6.5 · EPSS 0.00784
Exploits: 0 · References: 4

BDU FSTEC
added 2025/05/12 12:0 a.m. · 4 views

The vulnerability of the ovpn-dco driver for Windows operating systems in the OpenVPN virtual private network creation software allows a hacker to induce a service failure.

The vulnerability of the ovpn-dco driver for Windows operating systems in the OpenVPN virtual private network creation software is related to pointer aliasing errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 3.3 · AI score 5.5 · EPSS 0.00136
Exploits: 0 · References: 3 · Affected Software: 2

OpenVAS
added 2025/05/12 12:0 a.m. · 13 views

openSUSE Security Advisory (SUSE-SU-2025:1508-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 5.8 · EPSS 0.00784
Exploits: 0 · References: 4

Tenable Nessus
added 2025/05/09 12:0 a.m. · 5 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openvpn (SUSE-SU-2025:1508-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1508-1 advisory. - CVE-2025-2704: Fixed remote DoS due to possible ASSERT on OpenVPN servers using --tls-crypt-v2 bsc12403...

CVSS 7.5 · AI score 6.5 · EPSS 0.00784
Exploits: 0 · References: 4

SUSE Linux
added 2025/05/07 2:2 p.m. · 2 views

Security update for openvpn

This update for openvpn fixes the following issues: CVE-2025-2704: Fixed remote DoS due to possible ASSERT on OpenVPN servers using --tls-crypt-v2 bsc1240392 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

CVSS 6 · AI score 6 · EPSS 0.00784
Exploits: 0 · References: 4

OSV
added 2025/05/07 2:2 p.m. · 2 views

SUSE-SU-2025:1508-1 Security update for openvpn

This update for openvpn fixes the following issues: - CVE-2025-2704: Fixed remote DoS due to possible ASSERT on OpenVPN servers using --tls-crypt-v2 bsc1240392...

CVSS 7.5 · AI score 7.8 · EPSS 0.00784
Exploits: 0 · References: 3

Redos
added 2025/05/06 12:0 a.m. · 5 views

ROS-20250505-06

A vulnerability in the TLS-crypt-v2 function of the OpenVPN software server is related to insufficient checking for unusual or exceptional states. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...

CVSS 7.5 · AI score 6.8 · EPSS 0.00784
Exploits: 0

SUSE CVE
added 2025/04/25 2:15 a.m. · 1 view

SUSE CVE-2025-3908

The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and permissions of that destination directory...

CVSS 6.2 · AI score 6.8 · EPSS 0.00182
Exploits: 0 · References: 3

Fedora
added 2025/04/11 6:33 p.m. · 13 views

[SECURITY] Fedora 42 Update: openvpn-2.6.14-1.fc42

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for...

CVSS 7.5 · AI score 7.6 · EPSS 0.00784
Exploits: 0