Lucene search
K

2418 matches found

EUVD
EUVD
added 5 days ago4 views

EUVD-2026-41877

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service...

6CVSS6AI score0.00549EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-13698

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service...

6CVSS0.00549EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-55933

Name of the Vulnerable Software and Affected Versions OpenVPN versions 2.5.0 through 2.5.11 OpenVPN versions 2.6.0 through 2.6.20 OpenVPN versions 2.7 alpha1 through 2.7.4 Description A memory leak exists that allows remote attackers possessing a valid tls-crypt-v2 client key to potentially trigg...

7.5CVSS6.1AI score0.00549EPSS
Exploits0References6
Debian
Debian
added 2026/07/03 9:20 p.m.14 views

[SECURITY] [DLA 4666-1] openvpn security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4666-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta July 04, 2026 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...

7.5CVSS6AI score0.00549EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.6 views

FreeBSD : openvpn -- multiple vulnerabilities (ffa897a0-756f-11f1-b291-a74de6bb0320)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ffa897a0-756f-11f1-b291-a74de6bb0320 advisory. The OpenVPN community project team reports: ... OpenVPN 2.7.5 ... is a bugfix release fixing...

7.5CVSS7AI score0.00549EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-11771

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - openvpn - None Ubuntu Linux - 1-byte buffer overrun on NTLMv2 proxy responses CVE-2026-11771 Note that Nessus relies on the presence of the packa...

6.2AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-13117

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - tlswrapreneg use after free CVE-2026-13117 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 ...

7.2AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.5 views

Debian dla-4666 : openvpn - security update

The remote Debian 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4666 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4666-1 [email protected]...

7.5CVSS7AI score0.00549EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-13122

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that...

5.9CVSS6.2AI score0.00487EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.5 views

Debian dsa-6376 : openvpn - security update

The remote Debian 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6376 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6376-1 [email protected] https://www.debian.org/securit...

7.5CVSS7AI score0.00549EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.7 views

OpenVPN 2.6.x < 2.6.20 / 2.7.x < 2.7.2 TLS Race Condition

According to its self-reported version number, the version of OpenVPN installed on the remote host is affected by a vulnerability: - A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a...

6.1CVSS6AI score0.00309EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-13698

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client...

7.5CVSS6.2AI score0.00549EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2026/07/01 12:0 a.m.7 views

openvpn -- multiple vulnerabilities

The OpenVPN community project team reports: ... OpenVPN 2.7.5 ... is a bugfix release fixing several security issues: Fix use-after-free bug in ackwritebuf, triggerable by a well-timed sequence of control channel + authentication packets CVE-2026-12996 Fix use-after-free bug in tlswrapreneg,...

7.5CVSS6.1AI score0.00549EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 7:16 p.m.8 views

CVE-2026-58000

luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the clmeta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration...

8.8CVSS0.01401EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 6:16 p.m.32 views

CVE-2026-58000 luci-proto-openvpn - Command Injection via cl_meta Parameter in generateKey

luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the clmeta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration...

8.8CVSS0.01401EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 6:16 p.m.27 views

CVE-2026-58000

The vulnerability CVE-2026-58000 affects luci-proto-openvpn up to version 0.11.1. The root cause is a command injection in the generateKey ubus method where the cl_meta parameter is interpolated into a shell command without proper escaping or quoting, enabling an authenticated LuCI user with Open...

8.8CVSS6AI score0.01401EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/29 6:16 p.m.9 views

CVE-2026-58000 luci-proto-openvpn - Command Injection via cl_meta Parameter in generateKey

luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the clmeta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration...

8.8CVSS6AI score0.01401EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/29 6:16 p.m.6 views

EUVD-2026-40172

luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the clmeta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration...

8.8CVSS6AI score0.01401EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/29 6:16 p.m.6 views

CVE-2026-58000

luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the clmeta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration...

8.8CVSS6AI score0.01401EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53683

Name of the Vulnerable Software and Affected Versions luci-proto-openvpn versions prior to 0.11.1 Description An authenticated LuCI user with OpenVPN protocol configuration access can execute arbitrary commands as root. This occurs because the generateKey ubus method interpolates the cl meta...

8.8CVSS6.1AI score0.01401EPSS
Exploits0References7
Rows per page
Query Builder