SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openvpn (SUSE-SU-2025:0278-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0278-1 advisory. - CVE-2024-5594: Fixed wrong handling of null bytes and invalid characters in control messages bsc1235147...

openvpn-2.6.10-5.1 on GA media (moderate)

openvpn-2.6.10-5.1 on GA media Announcement ID: openSUSE-SU-2025:14707-1 Rating: moderate Cross-References: CVE-2024-5594 CVSS scores: CVE-2024-5594 SUSE : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2024-5594 SUSE : 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N...

Security update for openvpn

This update for openvpn fixes the following issues: CVE-2024-5594: Fixed wrong handling of null bytes and invalid characters in control messages bsc1235147 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE-SU-2025:0278-1 Security update for openvpn

This update for openvpn fixes the following issues: - CVE-2024-5594: Fixed wrong handling of null bytes and invalid characters in control messages bsc1235147...

OPENSUSE-SU-2025:14707-1 openvpn-2.6.10-5.1 on GA media

These are all security issues fixed in the openvpn-2.6.10-5.1 package on the GA media of openSUSE Tumbleweed...

OpenVPN Improper Input Sanitization Vulnerability (Jan 2025) - Windows

OpenVPN is prone to an improper input sanitization vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openvpn:openvpn...

FreeBSD : openvpn -- too long a username or password from a client can confuse openvpn servers (47bc292a-d472-11ef-aaab-7d43732cb6f5)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 47bc292a-d472-11ef-aaab-7d43732cb6f5 advisory. Frank Lichtenheld reports: OpenVPN v2.6.13 ... improve server-side handling of clients sending username...

CVE-2024-5198

OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a system halt...

CVE-2024-5198

OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a system halt...

CVE-2024-5198

OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a system halt...

CVE-2024-5198

Summary (CVE-2024-5198): OpenVPN ovpn-dco for Windows 1.1.1 is affected. An unprivileged local attacker can send invalid I/O control data to the driver, causing a NULL pointer dereference and a system halt. The vulnerability is triggered via I/O control messages to the OpenVPN DCO Windows driver....

CVE-2024-5198

OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a system halt...

OpenVPN Data Channel Offload 代码问题漏洞

OpenVPN Data Channel Offload OpenVPN DCO is a cutting-edge Linux kernel module from OpenVPN designed to revolutionize the performance of VPN servers and clients. A code issue vulnerability exists in OpenVPN Data Channel Offload version 1.1.1. Exploitation of this vulnerability by an unprivileged...

PT-2025-2918 · Openvpn · Openvpn

Name of the Vulnerable Software and Affected Versions: OpenVPN ovpn-dco for Windows version 1.1.1 Description: The issue allows an unprivileged local attacker to send I/O control messages with invalid data to the driver, resulting in a NULL pointer dereference that leads to a system halt. This ca...

CVE-2024-39800

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpnserversetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

CVE-2024-39798

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpnserversetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

CVE-2024-38666

An external config control vulnerability exists in the openvpn.cgi openvpnclientsetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2024-39800

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpnserversetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

CVE-2024-39799

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpnserversetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

CVE-2024-39798

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpnserversetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...