17 matches found
Amazon Linux 2023 : openvpn, openvpn-devel (ALAS2023-2026-1644)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1644 advisory. According to upstream advisory https://community.openvpn.net/Security%20Announcements/CVE-2026-35058: OpenVPN server crash via ASSERT triggered by malformed tls-crypt-v2 packet; attacker with ...
CVE-2024-39798
Multiple external config control vulnerabilities exist in the openvpn.cgi openvpn_server_setup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
EUVD-2024-38343
Malicious code in bioql PyPI...
EUVD-2024-38342
Malicious code in bioql PyPI...
TencentOS Server 4: openvpn (TSSA-2025:0091)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0091 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2024-27903
OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service...
CVE-2025-2704
OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...
USN-7340-1: OpenVPN vulnerabilities
It was discovered that OpenVPN did not perform proper input validation when generating a TLS key under certain configuration, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : OpenVPN vulnerabilities (USN-7340-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7340-1 advisory. It was discovered that OpenVPN did not perform proper input validation when generating a TLS key under certain configuration, whi...
Debian dla-4079 : openvpn - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4079 advisory. Debian LTS Advisory DLA-4079-2 https://www.debian.org/lts/security/...
openSUSE Security Advisory (SUSE-SU-2025:0278-1)
The remote host is missing an update for the...
CVE-2024-39798
CVE-2024-39798 affects WAVLINK AC3000 (openvpn.cgi openvpn_server_setup). Talos & Red Hat/others describe multiple external config control vulnerabilities in the openvpn_server_setup() path, where POST parameters such as sel_open_server_val, sel_open_protocol, sel_open_interface, open_port, and r...
CVE-2024-39800
Multiple external config control vulnerabilities exist in the openvpn.cgi openvpn_server_setup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
CVE-2024-39798
Multiple external config control vulnerabilities exist in the openvpn.cgi openvpn_server_setup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
CVE-2024-39799
CVE-2024-39799 (and related CVEs 39798, 39800) affect WAVLINK AC3000 M33A8.V5030.210505 via openvpn.cgi openvpn_server_setup, allowing authentication-protected HTTP POST data to inject arbitrary config into the OpenVPN server. The vulnerability chain reads POST values (sel_open_server_val, sel_op...
CVE-2024-5594
OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs...
Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information
The multiple vulnerabilities in the openvpn package of the Debian GNU/Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...