286 matches found
CVE-2010-3903
Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service application crash via a 404 HTTP status code...
CVE-2009-5009
Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service application crash or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation...
OPENSUSE-SU-2024:10553-1 openconnect-7.07-1.3 on GA media
These are all security issues fixed in the openconnect-7.07-1.3 package on the GA media of openSUSE Tumbleweed...
OpenConnect Security Vulnerability
OpenConnect is an open source application for connecting to virtual private networks. A security vulnerability exists in OpenConnect 7.08 and earlier versions, which stems from credentials and session cookie information being stored insecurely in memory, which can be scanned and credentials...
SUSE SLED15: liboath-devel / liboath0 / libopenconnect5 / libpskc-devel / etc (SUSE-SU-2024:0317-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0317-1 advisory. - Update to release 9.12: Explicitly reject overly long tun device names. Increase maximum input...
SUSE-SU-2024:0317-1 Security update for openconnect
This update for openconnect fixes the following issues: - Update to release 9.12: Explicitly reject overly long tun device names. Increase maximum input size from stdin 579. Ignore 0.0.0.0 as NBNS address !446, vpnc-scripts58. Fix stray null in URL path after Pulse authentication 4023bd95. Fix...
The vulnerability of the X509_check function in the OpenConnect client allows a hacker to gain access to confidential data.
The vulnerability of the X509check function in the OpenConnect client involves deficiencies in handling exceptional states. Exploiting this vulnerability can allow an attacker operating remotely to gain access to confidential data...
SUSE CVE-2012-3291
Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a denial of service via a crafted greeting banner...
SUSE CVE-2012-6128
Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service application crash via a long 1 hostname, 2 path, or 3 cookie list in a response...
SUSE CVE-2013-7098
OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection...
SUSE CVE-2019-16239
processhttpresponse in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes...
SUSE CVE-2020-12105
OpenConnect through 8.08 mishandles negative return values from X509check function calls, which might assist attackers in performing man-in-the-middle attacks...
SUSE CVE-2020-12823
OpenConnect 8.09 has a buffer overflow, causing a denial of service application crash or possibly unspecified other impact, via crafted certificate data to getcertname in gnutls.c...
CVE-2022-31524
The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31524
The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
Path traversal
The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31524
The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31524
CVE-2022-31524 affects the PureStorage-OpenConnect/swagger repository up to version 1.1.5. The root cause is the unsafe use of Flaskās send_file, enabling absolute path traversal. Public references (including Red Hat) confirm the same description. The provided documents do not specify an official...
CVE-2022-31524
The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2021-45810
GlobalProtect-openconnect versions prior to 2.0.0 exclusive are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the...