
2376 matches found

Tenable Nessus
added 2024/10/02 12:0 a.m. · 18 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openvpn (SUSE-SU-2024:3502-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3502-1 advisory. - CVE-2024-28882: Fix multiple exit notifications from authenticated clients will extend the validity of ...

CVSS 4.3 · AI score 6.2 · EPSS 0.00671
Exploits 0 · References 4
SUSE Linux
added 2024/10/01 2:3 p.m. · 2 views

Security update for openvpn

This update for openvpn fixes the following issues: CVE-2024-28882: Fix multiple exit notifications from authenticated clients will extend the validity of a closing session bsc1227546 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 4.3 · AI score 5 · EPSS 0.00671
Exploits 0 · References 4
OSV
added 2024/10/01 2:3 p.m. · 19 views

SUSE-SU-2024:3502-1 Security update for openvpn

This update for openvpn fixes the following issues: - CVE-2024-28882: Fix multiple exit notifications from authenticated clients will extend the validity of a closing session bsc1227546...

CVSS 4.3 · AI score 4.7 · EPSS 0.00671
Exploits 0 · References 3
Tenable Nessus
added 2024/10/01 12:0 a.m. · 16 views

Synology DiskStation Manager Exposure of Sensitive Information to an Unauthorized Actor (CVE-2014-2264)

The OpenVPN module in Synology DiskStation Manager DSM 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for...

CVSS 7.8 · AI score 5.8 · EPSS 0.01668
Exploits 0 · References 3
Tenable Nessus
added 2024/10/01 12:0 a.m. · 12 views

Synology DiskStation Manager Improper Certificate Validation (CVE-2020-27648)

Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. This plugin only works with Tenable.ot. Please visit...

CVSS 9 · AI score 8.3 · EPSS 0.00711
Exploits 1 · References 3
Gentoo Linux
added 2024/09/22 12:0 a.m. · 18 views

OpenVPN: Multiple Vulnerabilities

Background OpenVPN is a multi-platform, full-featured SSL VPN solution. Description Multiple vulnerabilities have been discovered in OpenVPN. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...

CVSS 9.8 · AI score 7.6 · EPSS 0.03519
Exploits 0
Tenable Nessus
added 2024/09/22 12:0 a.m. · 13 views

GLSA-202409-08 : OpenVPN: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202409-08 OpenVPN: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in OpenVPN. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...

CVSS 9.8 · AI score 7.3 · EPSS 0.03519
Exploits 0 · References 6
BDU FSTEC
added 2024/09/17 12:0 a.m. · 4 views

The vulnerability of the Tap-Windows6 software driver allows a hacker to execute arbitrary code.

The vulnerability of the Tap-Windows6 software’s OpenVPN driver in Windows operating systems is related to a numerical overflow issue. Exploiting this vulnerability allows an attacker to execute arbitrary code in the kernel space...

CVSS 10 · AI score 6.3 · EPSS 0.15379
Exploits 0 · References 3 · Affected Software 2
BDU FSTEC
added 2024/09/16 12:0 a.m. · 6 views

The vulnerability of the OpenVPN Connect software lies in the insufficient restriction of connection channels for specified endpoints. This allows attackers to enhance their privileges and execute arbitrary code.

The vulnerability of the OpenVPN Connect software is related to insufficient restrictions on communication channels for specified endpoints. Exploiting this vulnerability allows a remote attacker to enhance their privileges and execute arbitrary code...

CVSS 7.8 · AI score 8 · EPSS 0.09759
Exploits 0 · References 4 · Affected Software 2
BDU FSTEC
added 2024/09/16 12:0 a.m. · 5 views

The vulnerability of the OpenVPN Connect software lies in the overflow of buffers in the stack, which allows a hacker to elevate their privileges and execute arbitrary code.

The vulnerability of the OpenVPN Connect software is related to insufficient restrictions on communication channels for specified endpoints. Exploiting this vulnerability allows a remote attacker to enhance their privileges and execute arbitrary code...

CVSS 7.8 · AI score 8 · EPSS 0.09759
Exploits 0 · References 4 · Affected Software 2
BDU FSTEC
added 2024/09/03 12:0 a.m. · 6 views

The vulnerability of the OpenVPN software lies in its reliance on uncontrolled resources, which allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the OpenVPN software is related to the absence of uncontrolled resource consumption. Exploiting this vulnerability can allow a hacker to compromise the confidentiality, integrity, and accessibility of the protected information...

CVSS 9.4 · AI score 6.7 · EPSS 0.00811
Exploits 0 · References 7 · Affected Software 6
Positive Technologies
added 2024/08/29 12:0 a.m. · 4 views

PT-2024-8280 · Draytek · Draytek Vigor300B +2

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 DrayTek Vigor 2960 affected versions not specified DrayTek Vigor 300B affected versions not specified Description: The issue is related to a command injection vulnerability in the doOpenVPN function of the...

CVSS 8 · AI score 7.8 · EPSS 0.02081
Exploits 0 · References 7
Redos
added 2024/08/28 12:0 a.m. · 19 views

ROS-20240828-04

A vulnerability in OpenVPN software is related to the lack of uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 9.1 · AI score 7.1 · EPSS 0.00811
Exploits 0
Securelist
added 2024/08/27 10:0 a.m. · 11 views

HZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat

In June 2024, we discovered a macOS version of the HZ Rat backdoor targeting users of the enterprise messenger DingTalk and the social network and messaging platform WeChat. The samples we found almost exactly replicate the functionality of the Windows version of the backdoor and differ only in t...

AI score 6.6
Exploits 0
BDU FSTEC
added 2024/08/27 12:0 a.m. · 5 views

The vulnerability of the OpenVPN software lies in the lack of resource release after the expiration of its duration. This allows a hacker to “keep the session alive,” even if the server is instructed to disconnect this client.

The vulnerability of the OpenVPN software is related to the lack of resource release after the expiration of its duration. Exploiting this vulnerability allows a hacker to “keep the session alive,” even if the server was instructed to disconnect this client...

CVSS 4.3 · AI score 6.2 · EPSS 0.00671
Exploits 0 · References 7 · Affected Software 4
OSV
added 2024/08/22 9:15 p.m. · 3 views

CVE-2024-8079

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862B20230228. It has been rated as critical. This issue affects the function exportOvpn. The manipulation leads to buffer overflow. The attack may be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not...

CVSS 9.8 · AI score 7.5 · EPSS 0.0105
Exploits 1 · References 5
Packet Storm
added 2024/08/19 12:0 a.m. · 446 views

Ewon Cosy+ / Talk2M Remote Access Solution Improper Authentication

Advisory ID: SYSS-2024-043 Product: Ewon Cosy+ / Talk2M Remote Access Solution Manufacturer: HMS Industrial Networks AB Affected Versions: N.A. Tested Versions: N.A. Vulnerability Type: Improper Authentication CWE-287 Risk Level: High Solution Statu...

CVSS 9.1 · AI score 7.2 · EPSS 0.0066
Exploits 2
Redos
added 2024/08/16 12:0 a.m. · 21 views

ROS-20240816-06

The vulnerability in OpenVPN software is related to the lack of resource release after the resource expires. Exploitation of the vulnerability could allow an attacker to "save a session" even if the server has been ordered to disconnect that client...

CVSS 4.3 · AI score 6.7 · EPSS 0.00671
Exploits 0
OpenVAS
added 2024/08/13 12:0 a.m. · 20 views

OpenVPN Multiple Vulnerabilities (Aug 2024) - Windows

OpenVPN is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openvpn:openvpn"; ifdescription...

CVSS 9.8 · AI score 7.8 · EPSS 0.15379
Exploits 0 · References 1
The Hacker News
added 2024/08/12 6:57 a.m. · 33 views

Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks

Security vulnerabilities have been disclosed in the industrial remote access solution Ewon Cosy+ that could be abused to gain root privileges to the devices and stage follow-on attacks. The elevated access could then be weaponized to decrypt encrypted firmware files and encrypted data such as...

CVSS 9.1 · AI score 8.3 · EPSS 0.04023
Exploits13