33 matches found
TencentOS Server 4: openvpn (TSSA-2025:0091)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0091 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
SUSE: Security Advisory (SUSE-SU-2025:0278-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CLSA-2025-1744710425 Fix CVE(s): CVE-2024-5594
SECURITY UPDATE: Improper PUSHREPLY sanitization allows attackers to inject arbitrary data into third-party executables - debian/patches/CVE-2024-5594.patch: Properly handle null bytes and invalid characters in control - CVE-2024-5594 UPDATE CERTIFICATES: Renew sample keys -...
SUSE: Security Advisory (SUSE-SU-2025:1131-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 Security Update : openvpn (SUSE-SU-2025:1131-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1131-1 advisory. - CVE-2024-5594: Fixed incorrect handling of null bytes and invalid characters in control messages bsc1235147 Tenable has extracted the...
Security update for openvpn
This update for openvpn fixes the following issues: CVE-2024-5594: Fixed incorrect handling of null bytes and invalid characters in control messages bsc1235147 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2025:1131-1 Security update for openvpn
This update for openvpn fixes the following issues: - CVE-2024-5594: Fixed incorrect handling of null bytes and invalid characters in control messages bsc1235147...
SUSE: Security Advisory (SUSE-SU-2025:1053-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : openvpn (SUSE-SU-2025:1053-2)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:1053-2 advisory. - CVE-2024-5594: Fixed handling of null bytes and invalid characters in control messages bsc1235147. Tenable has extracted the preceding description...
Security update for openvpn
This update for openvpn fixes the following issues: CVE-2024-5594: Fixed handling of null bytes and invalid characters in control messages bsc1235147. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE SLES12 Security Update : openvpn (SUSE-SU-2025:1053-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:1053-1 advisory. - CVE-2024-5594: Fixed handling of null bytes and invalid characters in control messages bsc1235147. Tenable has extracted the preceding description...
SUSE-SU-2025:1053-1 Security update for openvpn
This update for openvpn fixes the following issues: - CVE-2024-5594: Fixed handling of null bytes and invalid characters in control messages bsc1235147...
Debian: Security Advisory (DLA-4079-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux Distros Unpatched Vulnerability : CVE-2024-5594
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenVPN before 2.6.11 does not santize PUSHREPLY messages properly which attackers can use to inject unexpected arbitrary data into third-party executables or...
openSUSE Security Advisory (SUSE-SU-2025:0278-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openvpn-2.6.10-5.1 on GA media (moderate)
openvpn-2.6.10-5.1 on GA media Announcement ID: openSUSE-SU-2025:14707-1 Rating: moderate Cross-References: CVE-2024-5594 CVSS scores: CVE-2024-5594 SUSE : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2024-5594 SUSE : 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N...
SUSE SLED15: openvpn / openvpn-auth-pam-plugin / openvpn-dco / openvpn-dco-devel / etc (SUSE-SU-2025:0278-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0278-1 advisory. - CVE-2024-5594: Fixed wrong handling of null bytes and invalid characters in control messages bsc1235147...
SUSE-SU-2025:0278-1 Security update for openvpn
This update for openvpn fixes the following issues: - CVE-2024-5594: Fixed wrong handling of null bytes and invalid characters in control messages bsc1235147...
OpenVPN Improper Input Sanitization Vulnerability (Jan 2025) - Windows
OpenVPN is prone to an improper input sanitization vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openvpn:openvpn...
SUSE CVE-2024-5594
OpenVPN before 2.6.11 does not santize PUSHREPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs...