CVE search results

1 – 10 of 45 results

Detailed view

Sort by:

CVE-2024-1305

Medium priority

Ignored

tap-windows6 driver version 9.26 and earlier does not properly check the size data of incomming write operations which an attacker can use to overflow memory buffers, resulting in a bug check and potentially arbitrary code...

1 affected packages

openvpn

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
openvpn	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2024-27903

Medium priority

Ignored

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.

1 affected packages

openvpn

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
openvpn	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2024-27459

Medium priority

Ignored

The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.

1 affected packages

openvpn

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
openvpn	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2024-24974

Medium priority

Ignored

The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.

1 affected packages

openvpn

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
openvpn	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2024-4877

Medium priority

Not affected

[Unknown description]

1 affected packages

openvpn

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
openvpn	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2024-28820

Medium priority

Needs evaluation

Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who can control...

1 affected packages

openvpn-auth-ldap

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
openvpn-auth-ldap	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2024-5594

Medium priority

Some fixes available 4 of 7

control channel: refuse control channel messages with nonprintable characters in them. Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU load

1 affected packages

openvpn

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
openvpn	Fixed	Fixed	Fixed	Needs evaluation	Needs evaluation

CVE-2024-28882

Medium priority

Fixed

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session

1 affected packages

openvpn

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
openvpn	Fixed	Not affected	Not affected	Not affected	Not affected

CVE-2024-3661

Medium priority

Vulnerable

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An...

29 affected packages

connman, gadmin-openvpn-client, gadmin-openvpn-server, golang-github-apparentlymart-go-openvpn-mgmt, kvpnc...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
connman	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
gadmin-openvpn-client	Not in release	Not in release	Vulnerable	Vulnerable	Vulnerable
gadmin-openvpn-server	Not in release	Not in release	Vulnerable	Vulnerable	Vulnerable
golang-github-apparentlymart-go-openvpn-mgmt	Vulnerable	Vulnerable	Vulnerable	—	—
kvpnc	Not in release	Not in release	Not in release	Vulnerable	Vulnerable
libreswan	Vulnerable	Vulnerable	Vulnerable	Vulnerable	—
mozillavpn	Not in release	Vulnerable	Not in release	—	—
n2n	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
network-manager-fortisslvpn	Vulnerable	Vulnerable	Vulnerable	Vulnerable	—
network-manager-iodine	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
network-manager-l2tp	Vulnerable	Vulnerable	Vulnerable	Vulnerable	—
network-manager-openconnect	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
network-manager-openvpn	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
network-manager-pptp	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
network-manager-sstp	Vulnerable	Vulnerable	Not in release	—	—
network-manager-strongswan	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
network-manager-vpnc	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
openconnect	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
openfortivpn	Vulnerable	Vulnerable	Vulnerable	Vulnerable	—
openvpn	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
pptp-linux	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
pptpd	Not in release	Vulnerable	Vulnerable	Vulnerable	Vulnerable
quicktun	Vulnerable	Vulnerable	Vulnerable	Vulnerable	—
riseup-vpn	Vulnerable	Not in release	Not in release	—	—
softether-vpn	Vulnerable	Vulnerable	Not in release	—	—
sshuttle	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
tinc	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
vpnc	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
wireguard	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable

CVE-2023-6247

Medium priority

Not affected

The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing.

1 affected packages

openvpn

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
openvpn	Not affected	Not affected	Not affected	Not affected	Not affected

Export to JSON

Results by page:

Search CVE reports