Search CVE reports
1 – 10 of 45 results
CVE-2024-1305
Medium prioritytap-windows6 driver version 9.26 and earlier does not properly check the size data of incomming write operations which an attacker can use to overflow memory buffers, resulting in a bug check and potentially arbitrary code...
1 affected package
openvpn
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvpn | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-27903
Medium priorityOpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.
1 affected package
openvpn
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvpn | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-27459
Medium priorityThe interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.
1 affected package
openvpn
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvpn | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-24974
Medium priorityThe interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.
1 affected package
openvpn
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvpn | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-4877
Medium priority[Unknown description]
1 affected package
openvpn
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvpn | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-28820
Medium priorityBuffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who can control...
1 affected package
openvpn-auth-ldap
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvpn-auth-ldap | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-5594
Medium prioritySome fixes available 5 of 8
control channel: refuse control channel messages with nonprintable characters in them. Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU load
1 affected package
openvpn
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvpn | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2024-28882
Medium priorityOpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session
1 affected package
openvpn
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvpn | Fixed | Not affected | Not affected | Not affected | Not affected |
CVE-2024-3661
Medium priorityDHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An...
29 affected packages
connman, gadmin-openvpn-client, gadmin-openvpn-server, golang-github-apparentlymart-go-openvpn-mgmt, kvpnc...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
connman | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
gadmin-openvpn-client | Not in release | Not in release | Vulnerable | Vulnerable | Vulnerable |
gadmin-openvpn-server | Not in release | Not in release | Vulnerable | Vulnerable | Vulnerable |
golang-github-apparentlymart-go-openvpn-mgmt | Vulnerable | Vulnerable | Vulnerable | — | — |
kvpnc | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
libreswan | Vulnerable | Vulnerable | Vulnerable | Vulnerable | — |
mozillavpn | Not in release | Vulnerable | Not in release | — | — |
n2n | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
network-manager-fortisslvpn | Vulnerable | Vulnerable | Vulnerable | Vulnerable | — |
network-manager-iodine | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
network-manager-l2tp | Vulnerable | Vulnerable | Vulnerable | Vulnerable | — |
network-manager-openconnect | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
network-manager-openvpn | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
network-manager-pptp | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
network-manager-sstp | Vulnerable | Vulnerable | Not in release | — | — |
network-manager-strongswan | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
network-manager-vpnc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
openconnect | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
openfortivpn | Vulnerable | Vulnerable | Vulnerable | Vulnerable | — |
openvpn | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
pptp-linux | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
pptpd | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
quicktun | Vulnerable | Vulnerable | Vulnerable | Vulnerable | — |
riseup-vpn | Vulnerable | Not in release | Not in release | — | — |
softether-vpn | Vulnerable | Vulnerable | Not in release | — | — |
sshuttle | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
tinc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
vpnc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
wireguard | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2023-6247
Medium priorityThe PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing.
1 affected package
openvpn
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvpn | Not affected | Not affected | Not affected | Not affected | Not affected |