OESA-2025-1397 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

OESA-2025-1396 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

[SECURITY] Fedora 40 Update: openvpn-2.6.14-1.fc40

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

Fedora: Security Advisory (FEDORA-2025-3711fce03c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 40 : openvpn (2025-3711fce03c)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-3711fce03c advisory. Update to upstream OpenVPN 2.6.14 Fixes CVE-2025-2704 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

Cosy+ firmware 21.2s7 - Command Injection

Exploit Title: Cosy+ firmware 21.2s7 - Command Injection Google Dork: N/A Date: 2024-8-20 Exploit Author: CodeB0ss Contact: t.me/codeb0ss / [email protected] Version: 21.2s7 Tested on: Windows 11 Home Edition CVE: CVE-2024-33896 import socket import subprocess import time def...

OPENSUSE-SU-2025:14979-1 openvpn-2.6.14-1.1 on GA media

These are all security issues fixed in the openvpn-2.6.14-1.1 package on the GA media of openSUSE Tumbleweed...

[SECURITY] Fedora 41 Update: openvpn-2.6.14-1.fc41

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

Fedora 41 : openvpn (2025-277b5e1d96)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-277b5e1d96 advisory. Update to upstream OpenVPN 2.6.14 Fixes CVE-2025-2704 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

ABB Arctic Wireless Gateways

SUMMARY ABB is aware of public reports of the vulnerabilities in the product versions listed as affected in this advisory. An attacker who successfully exploited modem module vulnerabilities could run arbitrary code in the wireless modem module of the product. This could lead to denial of...

SUSE: Security Advisory (SUSE-SU-2025:1131-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the Interactive Service (iservice) of the OpenVPN GUI software allows a malicious individual to gain unauthorized access to the user’s account.

The vulnerability of the Interactive Service iservice of the OpenVPN GUI software relates to deficiencies in access control when processing the SeImpersonatePrivilege parameter. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the user account...

OpenVPN Privilege Escalation Vulnerability (Apr 2025) - Windows

OpenVPN is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openvpn:openvpn";...

CVE-2024-4877

OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges...

SUSE CVE-2025-2704

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...

SUSE SLES15 Security Update : openvpn (SUSE-SU-2025:1131-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1131-1 advisory. - CVE-2024-5594: Fixed incorrect handling of null bytes and invalid characters in control messages bsc1235147 Tenable has extracted the...

Ubuntu: Security Advisory (USN-7411-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenVPN Server versions 2.6.1 <= 2.6.13 DoS

OpenVPN from 2.6.1 through 2.6.13, setup with tls-crypt-v2. is affected by a denial of service vulnerability. A local attacker who can monitor network traffic, can inject specially crafted packets during the tls-crypt2-v2 handshake and corrupt the server. %NASLMINLEVEL 80900 C Tenable, Inc...

CVE-2024-4877

OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges...

CVE-2024-4877

OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges...