PT-2024-22590 · Unknown +1 · Openvpn-Auth-Ldap +1

Name of the Vulnerable Software and Affected Versions: openvpn-auth-ldap version 2.0.4 Description: The issue is a buffer overflow in the extract openvpn cr function in openvpn-cr.c that allows attackers with a valid LDAP username and control over the challenge/response password field to cause a...

Ubuntu: Security Advisory (USN-6850-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-b611e122fb)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 40 : openvpn (2024-b611e122fb)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b611e122fb advisory. Update to upstream OpenVPN 2.6.11 CVE-2024-5594: control channel: refuse control channel messages with nonprintable characters in them CVE-2024-2888...

USN-6850-1: OpenVPN vulnerability

It was discovered that OpenVPN incorrectly handled certain configurations with multiple authentication plugins. A remote attacker could possibly use this issue to bypass authentication using incomplete credentials...

USN-6850-1 openvpn vulnerability

It was discovered that OpenVPN incorrectly handled certain configurations with multiple authentication plugins. A remote attacker could possibly use this issue to bypass authentication using incomplete credentials...

Ubuntu 14.04 LTS / 16.04 LTS : OpenVPN vulnerability (USN-6850-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6850-1 advisory. It was discovered that OpenVPN incorrectly handled certain configurations with multiple authentication plugins. A remote attacker could possibly use...

UBUNTU-CVE-2024-28882

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...

PT-2024-5800 · Openvpn +6 · Openvpn +6

Name of the Vulnerable Software and Affected Versions: OpenVPN versions 2.6.0 through 2.6.10 Description: The issue is related to OpenVPN's handling of exit notifications from authenticated clients in a server role. When multiple exit notifications are accepted, it can extend the validity of a...

UBUNTU-CVE-2024-5594

OpenVPN before 2.6.11 does not santize PUSHREPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs...

FreeBSD : openvpn -- two security fixes (142c538e-b18f-40a1-afac-c479effadd5c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 142c538e-b18f-40a1-afac-c479effadd5c advisory. Gert Doering reports that OpenVPN 2.6.11 fixes two security bugs three on Windows:...

OPENSUSE-SU-2024:10211-1 openvpn-2.3.11-3.1 on GA media

These are all security issues fixed in the openvpn-2.3.11-3.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:11692-1 openvpn-2.5.4-2.1 on GA media

These are all security issues fixed in the openvpn-2.5.4-2.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:11968-1 openvpn-2.5.6-1.1 on GA media

These are all security issues fixed in the openvpn-2.5.6-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:13429-1 openvpn-2.6.7-1.1 on GA media

These are all security issues fixed in the openvpn-2.6.7-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:11128-1 openvpn-2.5.3-1.2 on GA media

These are all security issues fixed in the openvpn-2.5.3-1.2 package on the GA media of openSUSE Tumbleweed...

CVE-2024-0401 ASUS OVPN RCE

ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U,...

CVE-2024-0401 ASUS OVPN RCE

ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U,...

CVE-2024-0401

CVE-2024-0401 affects multiple ASUS routers that support custom OpenVPN profiles. An authenticated, remote attacker can execute arbitrary OS commands by uploading a crafted OVPN profile, with impact on confidentiality, integrity, and availability per the cited sources. Affected models include: AS...

The vulnerability of the Node.js software library OpenVPN Connect allows a hacker to execute arbitrary code.

The vulnerability of the Node.js software product OpenVPN Connect relates to the lack of measures to neutralize instructions in the dynamically executed code. Exploiting this vulnerability can allow an attacker to execute arbitrary code...