Lucene search
+L

286 matches found

RedhatCVE
RedhatCVE
•added 2025/05/22 12:34 a.m.•13 views

CVE-2010-3903

Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service application crash via a 404 HTTP status code...

5CVSS6.8AI score0.0098EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2025/05/21 9:2 p.m.•7 views

CVE-2009-5009

Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service application crash or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation...

5CVSS7.7AI score0.0098EPSS
Exploits0References1
OSV
OSV
•added 2024/06/15 12:0 a.m.•13 views

OPENSUSE-SU-2024:10553-1 openconnect-7.07-1.3 on GA media

These are all security issues fixed in the openconnect-7.07-1.3 package on the GA media of openSUSE Tumbleweed...

9.8CVSS9.5AI score0.02648EPSS
Exploits0References3
CNNVD
CNNVD
•added 2024/02/05 12:0 a.m.•8 views

OpenConnect Security Vulnerability

OpenConnect is an open source application for connecting to virtual private networks. A security vulnerability exists in OpenConnect 7.08 and earlier versions, which stems from credentials and session cookie information being stored insecurely in memory, which can be scanned and credentials...

6.4AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
•added 2024/02/03 12:0 a.m.•26 views

SUSE SLED15: liboath-devel / liboath0 / libopenconnect5 / libpskc-devel / etc (SUSE-SU-2024:0317-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0317-1 advisory. - Update to release 9.12: Explicitly reject overly long tun device names. Increase maximum input...

9.8CVSS7.1AI score0.04622EPSS
Exploits1References12
OSV
OSV
•added 2024/02/02 9:35 a.m.•18 views

SUSE-SU-2024:0317-1 Security update for openconnect

This update for openconnect fixes the following issues: - Update to release 9.12: Explicitly reject overly long tun device names. Increase maximum input size from stdin 579. Ignore 0.0.0.0 as NBNS address !446, vpnc-scripts58. Fix stray null in URL path after Pulse authentication 4023bd95. Fix...

9.8CVSS8.1AI score0.04622EPSS
Exploits1References9
BDU FSTEC
BDU FSTEC
•added 2023/11/11 12:0 a.m.•11 views

The vulnerability of the X509_check function in the OpenConnect client allows a hacker to gain access to confidential data.

The vulnerability of the X509check function in the OpenConnect client involves deficiencies in handling exceptional states. Exploiting this vulnerability can allow an attacker operating remotely to gain access to confidential data...

7.1CVSS6.2AI score0.01695EPSS
Exploits0References8Affected Software3
SUSE CVE
SUSE CVE
•added 2023/02/15 5:46 a.m.•2 views

SUSE CVE-2012-3291

Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a denial of service via a crafted greeting banner...

7.8CVSS7.2AI score0.02322EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 5:43 a.m.•2 views

SUSE CVE-2012-6128

Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service application crash via a long 1 hostname, 2 path, or 3 cookie list in a response...

5CVSS7.1AI score0.02648EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 5:33 a.m.•8 views

SUSE CVE-2013-7098

OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection...

9.8CVSS7.2AI score0.01544EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 4:8 a.m.•3 views

SUSE CVE-2019-16239

processhttpresponse in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes...

6.3CVSS7.1AI score0.03445EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2023/02/15 3:59 a.m.•2 views

SUSE CVE-2020-12105

OpenConnect through 8.08 mishandles negative return values from X509check function calls, which might assist attackers in performing man-in-the-middle attacks...

5.9CVSS7AI score0.01695EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2023/02/15 3:58 a.m.•2 views

SUSE CVE-2020-12823

OpenConnect 8.09 has a buffer overflow, causing a denial of service application crash or possibly unspecified other impact, via crafted certificate data to getcertname in gnutls.c...

6.5CVSS7.4AI score0.04622EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
•added 2022/07/11 1:15 a.m.•4 views

CVE-2022-31524

The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS5.3AI score0.01242EPSS
Exploits1References2
NVD
NVD
•added 2022/07/11 1:15 a.m.•20 views

CVE-2022-31524

The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS0.01242EPSS
Exploits1References1
Prion
Prion
•added 2022/07/11 1:15 a.m.•26 views

Path traversal

The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

6.4CVSS9.3AI score0.01242EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
•added 2022/07/11 12:55 a.m.•29 views

CVE-2022-31524

The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.5AI score0.01242EPSS
Exploits1References1
CVE
CVE
•added 2022/07/11 12:55 a.m.•73 views

CVE-2022-31524

CVE-2022-31524 affects the PureStorage-OpenConnect/swagger repository up to version 1.1.5. The root cause is the unsafe use of Flask’s send_file, enabling absolute path traversal. Public references (including Red Hat) confirm the same description. The provided documents do not specify an official...

9.3CVSS9.2AI score0.01242EPSS
Exploits1References1Affected Software1
OSV
OSV
•added 2022/07/11 12:55 a.m.•19 views

CVE-2022-31524

The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS6.9AI score0.01242EPSS
Exploits1References3
NVD
NVD
•added 2022/03/22 11:15 a.m.•32 views

CVE-2021-45810

GlobalProtect-openconnect versions prior to 2.0.0 exclusive are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the...

7.5CVSS0.00795EPSS
Exploits1References2
Rows per page
Query Builder