Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE

Microsoft on Thursday disclosed four medium-severity security flaws in the open-source OpenVPN software that could be chained to achieve remote code execution RCE and local privilege escalation LPE. "This attack chain could enable attackers to gain full control over targeted endpoints, potentiall...

OpenVPN 2.5.x < 2.5.10, 2.6.x < 2.6.10 Multiple Vulnerabilities (Windows)

According to its self-reported version number, the version of OpenVPN installed on the remote Windows host is affected by multiple vulnerabilities: - OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-i...

CVE-2024-39228

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface...

OESA-2024-1885 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

The vulnerability of the Plug-in Handler component of the OpenVPN software allows a hacker to load arbitrary modules.

The vulnerability of the Plug-in Handler component in the OpenVPN software involves unlimited downloading of dangerous files. Exploiting this vulnerability allows a remote attacker to download arbitrary modules...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Linux Linux_Kernel

🇮🇱 BringThemHome NeverAgainIsNow 🇮🇱 We demand the...

OESA-2024-1840 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

SUSE CVE-2024-28882

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...

CVE-2024-28882

OpenVPN 2.6.10 and earlier in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...

SUSE CVE-2024-24974

The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service...

SUSE CVE-2024-27459

The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges...

SUSE CVE-2024-27903

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service...

DEBIAN-CVE-2024-28882

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...

ALPINE-CVE-2024-28882

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...

CVE-2024-28882

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...

CVE-2024-28882

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...

CVE-2024-28882

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...

CVE-2024-28882

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...

CVE-2024-24974

The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service...

CVE-2024-27459

The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges...