7 matches found
openSUSE Security Update : openvpn (openSUSE-2021-734)
This update for openvpn fixes the following issues : - CVE-2020-15078: Fixed authentication bypass with deferred authentication bsc1185279. - CVE-2020-11810: Fixed race condition between allocating peer-id and initializing data channel key bsc1169925. - CVE-2018-7544: Fixed cross-protocol scripti...
SUSE SLED15 / SLES15 Security Update : openvpn (SUSE-SU-2021:1577-1)
This update for openvpn fixes the following issues : CVE-2020-15078: Fixed authentication bypass with deferred authentication bsc1185279. CVE-2020-11810: Fixed race condition between allocating peer-id and initializing data channel key bsc1169925. CVE-2018-7544: Fixed cross-protocol scripting iss...
SUSE SLES12 Security Update : openvpn (SUSE-SU-2021:1576-1)
This update for openvpn fixes the following issues : CVE-2020-15078: Fixed authentication bypass with deferred authentication bsc1185279. CVE-2018-7544: Fixed cross-protocol scripting issue that was discovered in the management interface bsc1085803. Note that Tenable Network Security has extracte...
SUSE-SU-2021:1576-1 Security update for openvpn
This update for openvpn fixes the following issues: - CVE-2020-15078: Fixed authentication bypass with deferred authentication bsc1185279. - CVE-2018-7544: Fixed cross-protocol scripting issue that was discovered in the management interface bsc1085803...
SUSE-SU-2021:14723-1 Security update for openvpn-openssl1
This update for openvpn-openssl1 fixes the following issues: - CVE-2020-15078: Fixed authentication bypass with deferred authentication bsc1185279. - CVE-2018-7544: Fixed cross-protocol scripting issue that was discovered in the management interface bsc1085803...
CVE-2018-7544
A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive...
CVE-2018-7544
CVE-2018-7544 affects OpenVPN up to 2.4.5 where the management interface, if exposed over TCP without authentication and no clients connected, allows cross-protocol scripting via XMLHttpRequest to localhost:23000. An attacker can issue arbitrary management commands, exfiltrate data, or trigger a ...