Lucene search
K

35 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago2 views

OpenVPN 2.5.0 < 2.5.12 / 2.6.0 < 2.6.21 / 2.7.x < 2.7.5 Memory Leak DoS

According to its self-reported version number, the version of OpenVPN installed on the remote Windows host is affected by a denial of service vulnerability: - A memory leak in tls-crypt-v2 client key handling allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a deni...

7.5CVSS6.1AI score0.00549EPSS
Exploits0References3
Mageia
Mageia
added 5 days ago4 views

Updated openvpn packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Possible 1-byte buffer overrun on NTLMv2 proxy responses. CVE-2026-11771 Memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes. CVE-2026-12932 Use-after-free bug in ackwritebuf,...

7.5CVSS7.3AI score0.00549EPSS
Exploits0References4
CVE
CVE
added last week21 views

CVE-2026-13698

CVE-2026-13698 is a memory-leak issue in OpenVPN related to tls-crypt-v2 client key handling, as noted in Mageia advisory MGASA-2026-0236. The advisory explicitly links this CVE to a memory leak that could contribute to server instability or crashes. Mageia reports the OpenVPN vulnerability along...

7.5CVSS6AI score0.00549EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-13698

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service...

6CVSS6AI score0.00549EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added last week5 views

CVE-2026-13698

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service...

7.5CVSS6AI score0.00549EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2026/07/01 12:0 a.m.7 views

openvpn -- multiple vulnerabilities

The OpenVPN community project team reports: ... OpenVPN 2.7.5 ... is a bugfix release fixing several security issues: Fix use-after-free bug in ackwritebuf, triggerable by a well-timed sequence of control channel + authentication packets CVE-2026-12996 Fix use-after-free bug in tlswrapreneg,...

7.5CVSS6.1AI score0.00549EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/13 8:33 a.m.16 views

CVE-2026-35058

A flaw was found in OpenVPN. This vulnerability, caused by improper validation of packet length during tls-crypt-v2 key extraction, allows an authenticated attacker to send a specially crafted packet. Successful exploitation can trigger a fatal assertion, leading to a denial of service DoS...

6.9CVSS5.1AI score0.00317EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 12:25 p.m.9 views

OESA-2026-2626 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

6.9CVSS5.3AI score0.00317EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 12:25 p.m.9 views

OESA-2026-2623 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

6.9CVSS5.4AI score0.00317EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:28 a.m.12 views

SUSE CVE-2026-35058

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

6.9CVSS5.4AI score0.00317EPSS
Exploits0References3
NVD
NVD
added 2026/06/08 8:17 p.m.14 views

CVE-2026-35058

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

6.9CVSS0.00317EPSS
Exploits0References4
CVE
CVE
added 2026/06/08 7:29 p.m.46 views

CVE-2026-35058

Summary of CVE-2026-35058 / CVE-2026-40215 (OpenVPN) OpenVPN versions affected: 2.6.0–2.6.19 and 2.7_alpha1–2.7.1. The issue in tls-crypt-v2 key extraction stems from improper validation of packet length, which can trigger a fatal assertion and cause a denial of service when processing a speciall...

6.9CVSS5.4AI score0.00317EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/08 7:29 p.m.13 views

EUVD-2026-35197

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

6.9CVSS5.4AI score0.00317EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/06/08 7:29 p.m.3 views

CVE-2026-35058

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

6.9CVSS5.4AI score0.00317EPSS
Exploits0
OSV
OSV
added 2026/05/10 2:43 a.m.8 views

MGASA-2026-0126 Updated openvpn packages fix security vulnerabilities

CVE-2026-35058 - fix server ASSERT on receiving a suitably malformed packet with a valid tls-crypt-v2 key CVE-2026-40215 - fix race condition in TLS handshake that could lead to leaking of packet data from a previous handshake under specific circumstances...

6.9CVSS5.8AI score0.00317EPSS
Exploits0References5
Talos
Talos
added 2026/04/27 12:0 a.m.16 views

OpenVPN TLS Crypt v2 Client Key Extraction denial of service vulnerability

Talos Vulnerability Report TALOS-2026-2381 OpenVPN TLS Crypt v2 Client Key Extraction denial of service vulnerability April 27, 2026 CVE Number CVE-2026-35058 SUMMARY A reachable assertion vulnerability exists in the TLS Crypt v2 Client Key Extraction functionality of OpenVPN 2.6.x and 2.8git. A...

7.5CVSS6.9AI score0.00815EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.12 views

PT-2026-36645

Name of the Vulnerable Software and Affected Versions OpenVPN versions 2.6.0 through 2.6.19 OpenVPN versions 2.7 alpha1 through 2.7.1 Description A race condition occurs during the TLS handshake, specifically during TLS session promotion. This issue can be triggered by remote attackers, potential...

6.9CVSS5.5AI score0.00317EPSS
Exploits0References29
OSV
OSV
added 2026/04/23 12:0 a.m.5 views

UBUNTU-CVE-2026-35058

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

6.9CVSS5.2AI score0.00317EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.16 views

PT-2026-36643

Name of the Vulnerable Software and Affected Versions OpenVPN affected versions not specified Description An issue exists in the tls crypt v2 extract client key function where an uncontrolled assertion is reachable. A remote attacker can trigger a denial of service by sending a suitably malformed...

6.9CVSS5.7AI score0.00317EPSS
Exploits0References33
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-9571

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00815EPSS
Exploits0References3
Rows per page
Query Builder