Search CVE reports


Toggle filters

1 – 10 of 45 results


CVE-2024-1305

Medium priority
Ignored

tap-windows6 driver version 9.26 and earlier does not properly check the size data of incomming write operations which an attacker can use to overflow memory buffers, resulting in a bug check and potentially arbitrary code...

1 affected package

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvpn Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-27903

Medium priority
Ignored

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.

1 affected package

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvpn Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-27459

Medium priority
Ignored

The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.

1 affected package

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvpn Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-24974

Medium priority
Ignored

The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.

1 affected package

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvpn Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-4877

Medium priority
Not affected

[Unknown description]

1 affected package

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvpn Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-28820

Medium priority
Needs evaluation

Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who can control...

1 affected package

openvpn-auth-ldap

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvpn-auth-ldap Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-5594

Medium priority

Some fixes available 5 of 8

control channel: refuse control channel messages with nonprintable characters in them. Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU load

1 affected package

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvpn Fixed Fixed Fixed Needs evaluation Needs evaluation
Show less packages

CVE-2024-28882

Medium priority
Fixed

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session

1 affected package

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvpn Fixed Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-3661

Medium priority
Vulnerable

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An...

29 affected packages

connman, gadmin-openvpn-client, gadmin-openvpn-server, golang-github-apparentlymart-go-openvpn-mgmt, kvpnc...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
connman Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
gadmin-openvpn-client Not in release Not in release Vulnerable Vulnerable Vulnerable
gadmin-openvpn-server Not in release Not in release Vulnerable Vulnerable Vulnerable
golang-github-apparentlymart-go-openvpn-mgmt Vulnerable Vulnerable Vulnerable
kvpnc Not in release Not in release Not in release Vulnerable Vulnerable
libreswan Vulnerable Vulnerable Vulnerable Vulnerable
mozillavpn Not in release Vulnerable Not in release
n2n Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
network-manager-fortisslvpn Vulnerable Vulnerable Vulnerable Vulnerable
network-manager-iodine Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
network-manager-l2tp Vulnerable Vulnerable Vulnerable Vulnerable
network-manager-openconnect Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
network-manager-openvpn Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
network-manager-pptp Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
network-manager-sstp Vulnerable Vulnerable Not in release
network-manager-strongswan Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
network-manager-vpnc Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
openconnect Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
openfortivpn Vulnerable Vulnerable Vulnerable Vulnerable
openvpn Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
pptp-linux Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
pptpd Not in release Vulnerable Vulnerable Vulnerable Vulnerable
quicktun Vulnerable Vulnerable Vulnerable Vulnerable
riseup-vpn Vulnerable Not in release Not in release
softether-vpn Vulnerable Vulnerable Not in release
sshuttle Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
tinc Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
vpnc Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
wireguard Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show all 29 packages Show less packages

CVE-2023-6247

Medium priority
Not affected

The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing.

1 affected package

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvpn Not affected Not affected Not affected Not affected Not affected
Show less packages