Search CVE reports
21 – 30 of 46 results
CVE-2020-15074
Medium priorityOpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openvpn | — | — | Not affected | Not affected | Not affected |
CVE-2020-11810
Low prioritySome fixes available 2 of 3
An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel...
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openvpn | — | — | Fixed | Fixed | Not affected |
CVE-2020-8953
Medium priorityOpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openvpn | — | — | — | Not affected | Not affected |
CVE-2018-9336
Medium priorityopenvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause...
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openvpn | — | — | — | Not affected | Not affected |
CVE-2018-7544
Low priority** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this...
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openvpn | — | — | — | Ignored | Ignored |
CVE-2017-12166
Low prioritySome fixes available 1 of 6
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openvpn | Not affected | Not affected | Not affected | Not affected | Fixed |
CVE-2017-7522
Medium priorityOpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openvpn | — | — | — | — | Not affected |
CVE-2017-7521
Medium priorityOpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openvpn | — | — | — | — | Fixed |
CVE-2017-7520
Medium priorityOpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openvpn | — | — | — | — | Fixed |
CVE-2017-7512
Medium priorityRed Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to...
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openvpn | — | — | — | — | Not affected |