OpenVPN Connect Security Vulnerability
OpenVPN Connect is a VPN (Virtual Private Network) client application from OpenVPN USA. A security vulnerability exists in OpenVPN Connect versions prior to 3.5.0, which stems from a plaintext private key in the configuration file being recorded in the application logs, which can be used by...
PT-2025-1013 · Openvpn · Openvpn Connect
Name of the Vulnerable Software and Affected Versions: OpenVPN Connect versions prior to 3.5.0. Description: The issue is related to the logging of clear-text private keys in the application log, which can be used by an unauthorized actor to decrypt VPN traffic. This could allow attackers to acces...
PT-2025-54615
Insufficient epoch key slot processing in OpenVPN 2.7 alpha1 through 2.7 rc5 allows remote authenticated users to trigger an assert resulting in a denial of service...
The vulnerability of the file loading function of the configuration module for D-Link DWR 2000M VPN microprogramming router allows a hacker to perform cross-site scripting attacks.
The vulnerability of the file loading function for the configuration module of D-Link DWR 2000M routers exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows attackers to perform cross-site scripting attacks by loading a specially created...
The vulnerability of the doOpenVPN() function in the mainfunction.cgi script of the DrayTek Vigor 3900, Vigor 2960, and Vigor 300B routers allows a hacker to execute arbitrary commands.
The vulnerability of the doOpenVPN function in the mainfunction.cgi script of the DrayTek Vigor 3900, Vigor 2960, and Vigor 300B routers is related to the failure to eliminate the and & elements used in the operating system’s command when processing the action parameter. Exploiting this...
Multiple Siemens Products Log Output Neutralization Error Vulnerability
SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 are industrial routers. A log output neutralization error vulnerability exists in multiple Siemens products, which can be exploited by an attacker to send spam to the openvpn logs, causing a high CPU load...
PT-2024-8829 · Openvpn +1 · Openvpn +1
Name of the Vulnerable Software and Affected Versions: D-Link DWR 2000M versions prior to the fixed version DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 version DWR-2000M 1.34ME. Description: The issue exists due to the lack of protection for the web page structure in the VPN configuration module's...
NETGEAR R8500 Security Vulnerability
The NETGEAR R8500 is a wireless router from NETGEAR. A buffer overflow vulnerability exists in the NETGEAR R8500 v1.0.2.160, which originates from the openvpnserviceport and openvpnserviceporttun parameters in the openvpn.cgi component failing to correctly validate the length and size of the inpu...
CVE-2024-50998
Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component openvpn.cgi via the openvpnserviceport and openvpnserviceporttun parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request...
CVE-2024-45887
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to doOpenVPN...
openvpn-2.6.10-2.1 on GA media (moderate)
openvpn-2.6.10-2.1 on GA media. Announcement ID: openSUSE-SU-2024:14436-1. Rating: moderate. Cross-References: CVE-2024-28882. CVSS scores: CVE-2024-28882 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L. Affected Products: openSUSE Tumbleweed. An update that solves one vulnerability can now be...
OPENSUSE-SU-2024:14436-1 openvpn-2.6.10-2.1 on GA media
These are all security issues fixed in the openvpn-2.6.10-2.1 package on the GA media of openSUSE Tumbleweed...
openvpn -- too long a username or password from a client can confuse openvpn servers
Frank Lichtenheld reports: OpenVPN v2.6.13 ... improve server-side handling of clients sending usernames or passwords longer than USERPASSLEN - this would not result in a crash, buffer overflow or other security issues, but the server would then misparse incoming IV variables and produce misleadi...
SUSE: Security Advisory (SUSE-SU-2024:3532-1)
The remote host is missing an update for the...
SUSE SLES12 Security Update : openvpn (SUSE-SU-2024:3532-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3532-1 advisory. - CVE-2024-28882: Fix multiple exit notifications from authenticated clients will extend the validity of a closing session (bsc#1227546) Tenabl...
Security update for openvpn
This update for openvpn fixes the following issues: CVE-2024-28882: Fix multiple exit notifications from authenticated clients will extend the validity of a closing session (bsc#1227546). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
SUSE-SU-2024:3532-1 Security update for openvpn
This update for openvpn fixes the following issues: - CVE-2024-28882: Fix multiple exit notifications from authenticated clients will extend the validity of a closing session (bsc#1227546)...
Security Bulletin: IBM i is affected by several vulnerabilities (CVE-2016-2183 and CVE-2016-6329)
Summary: IBM i is vulnerable to several security vulnerabilities. IBM i has addressed these vulnerabilities. Vulnerability Details: CVEID: CVE-2016-2183. DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the Triple-DES on 64-bit block...
OpenVPN Server versions 2.6.0 <= 2.6.10 Session Extension Vulnerability
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...
openSUSE Security Advisory (SUSE-SU-2024:3502-1)
The remote host is missing an update for the...