Lucene search
K

954 matches found

OSV
OSV
added 2026/04/22 2:28 p.m.5 views

GHSA-246W-JGMQ-88FG openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, allowing unauthenticated VPN access

Summary When openvpn-auth-oauth2 is deployed in the experimental plugin mode shared library loaded by OpenVPN via the plugin directive, clients that do not support WebAuth/SSO e.g., the openvpn CLI on Linux are incorrectly admitted to the VPN despite being denied by the authentication logic. The...

10CVSS5.8AI score0.00438EPSS
Exploits0References8
Snyk
Snyk
added 2026/04/22 2:28 p.m.4 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the handleAuthUserPassVerify process when deployed in experimental plugin mode. An attacker can gain unauthorized VPN access by connecting with a client that does not advertise WebAuth/SSO support, thereby...

10CVSS5.8AI score0.00438EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/22 2:28 p.m.10 views

openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, allowing unauthenticated VPN access

Summary When openvpn-auth-oauth2 is deployed in the experimental plugin mode shared library loaded by OpenVPN via the plugin directive, clients that do not support WebAuth/SSO e.g., the openvpn CLI on Linux are incorrectly admitted to the VPN despite being denied by the authentication logic. The...

10CVSS5.8AI score0.00438EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.6 views

PT-2026-34452

Name of the Vulnerable Software and Affected Versions openvpn-auth-oauth2 versions 1.26.3 through 1.27.2 Description An authentication bypass exists when the software is deployed in experimental plugin mode. Clients that do not support WebAuth/SSO are incorrectly granted full network access witho...

10CVSS5.9AI score0.00438EPSS
Exploits0References27
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.6 views

PT-2026-34525

Summary When openvpn-auth-oauth2 is deployed in the experimental plugin mode shared library loaded by OpenVPN via the plugin directive, clients that do not support WebAuth/SSO e.g., the openvpn CLI on Linux are incorrectly admitted to the VPN despite being denied by the authentication logic. The...

10CVSS5.8AI score
Exploits0References8
vulnersOsv
vulnersOsv
added 2026/04/14 1:7 a.m.9 views

com.akamai.edgegrid:edgegrid-signer-async-http-client (>=6.0.1 <=6.0.3-rc.1), com.arpnetworking.metrics:mad-experimental (>=1.2.4 <=1.2.11) +66 more potentially affected by CVE-2026-40490 via org.asynchttpclient:async-http-client (>=3.0.0.Beta1 <=3.0.7)

org.asynchttpclient:async-http-client MAVEN version =3.0.0.Beta1, =6.0.1, =1.2.4, =1.22.5, =1.13.8, =1.1.0, =0.4.8, =0.4.8, =0.4.8, =1.17.0, =1.17.0, =1.17.0, =0.5.0, =2.7.3, =218.0.0, =14.5.0, =16.0.0 and more Source cves: CVE-2026-40490 Source advisory: OSV:GHSA-CMXV-58FP-FM3G...

6.8CVSS5.7AI score0.00326EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.6 views

tinyobjloader 安全漏洞

tinyobjloader is an application developed by Dan Kiyochi. There is a security vulnerability in tinyobjloader, which stems from the experimental/tinyobjloaderopt.h file containing a stack overflow issue, potentially leading to denial-of-service attacks...

6.2CVSS5.8AI score0.00173EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.6 views

PT-2026-32357

A stack overflow in the experimental/tinyobj loader opt.h file of tinyobjloader commit d56555b allows attackers to cause a Denial of Service DoS via supplying a crafted .mtl file...

5.8AI score0.00173EPSS
Exploits0References3
NVD
NVD
added 2026/04/10 12:16 a.m.6 views

CVE-2026-5393

Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs is used when building wolfSSL...

9.1CVSS0.00194EPSS
Exploits0References1
OSV
OSV
added 2026/04/10 12:16 a.m.37 views

UBUNTU-CVE-2026-5393

Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs is used when building wolfSSL...

9.1CVSS5.8AI score0.00194EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/10 12:11 a.m.5 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the DoTls13CertificateVerify process when handling a dual-algorithm CertificateVerify message due to improper bounds checking on crafted input. An attacker can cause the application to read memory outside the...

9.1CVSS5.9AI score0.00194EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/10 12:0 a.m.5 views

CVE-2026-5393

Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs is used when building wolfSSL...

9.1CVSS5.8AI score0.00194EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/09 11:2 p.m.28 views

CVE-2026-5393 OOB Read in DoTls13CertificateVerify with WOLFSSL_DUAL_ALG_CERTS

Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs is used when building wolfSSL...

6.3CVSS0.00194EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/04/09 11:2 p.m.6 views

CVE-2026-5393

Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs is used when building wolfSSL...

9.1CVSS5.2AI score0.00194EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/09 11:2 p.m.3 views

CVE-2026-5393

Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs is used when building wolfSSL...

9.1CVSS5.2AI score0.00194EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/09 11:2 p.m.2 views

CVE-2026-5393

Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs is used when building wolfSSL...

6.3CVSS5.9AI score0.00194EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.7 views

PT-2026-31826

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description An out-of-bounds read can occur when processing a dual-algorithm CertificateVerify message on crafted input. This issue only occurs when wolfSSL is built with the --enable-experimental and...

9.1CVSS5.8AI score0.00194EPSS
Exploits0References11
OSV
OSV
added 2026/04/06 7:58 a.m.3 views

BIT-NODE-MIN-2026-21711

A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket UDS server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under --permission without --allow-net can create and expose local IP...

5.3CVSS6.5AI score0.00146EPSS
Exploits0References2
NVD
NVD
added 2026/03/30 8:16 p.m.5 views

CVE-2026-21711

A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket UDS server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under --permission without --allow-net can create and expose local IP...

5.3CVSS0.00146EPSS
Exploits0References1
OSV
OSV
added 2026/03/30 8:16 p.m.5 views

UBUNTU-CVE-2026-21711

A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket UDS server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under --permission without --allow-net can create and expose local IP...

5.3CVSS5.8AI score0.00146EPSS
Exploits0References3
Rows per page
Query Builder