Search CVE reports
31 – 40 of 45 results
CVE-2017-7479
Low prioritySome fixes available 4 of 5
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.
1 affected packages
openvpn
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvpn | — | — | Not affected | Not affected | Fixed |
CVE-2017-7478
High priorityOpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
1 affected packages
openvpn
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvpn | — | — | — | — | Not affected |
CVE-2016-6329
Low prioritySome fixes available 3 of 4
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using...
1 affected packages
openvpn
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvpn | — | — | Not affected | Not affected | Fixed |
CVE-2014-8104
Medium prioritySome fixes available 3 of 4
OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
1 affected packages
openvpn
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvpn | — | — | — | — | — |
CVE-2013-2061
Low prioritySome fixes available 1 of 6
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run...
1 affected packages
openvpn
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvpn | — | — | — | — | — |
CVE-2011-1943
Medium priorityThe destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive...
2 affected packages
network-manager, network-manager-openvpn
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
network-manager | — | — | — | — | — |
network-manager-openvpn | — | — | — | — | — |
CVE-2008-3459
Low priorityUnspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably...
1 affected packages
openvpn
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvpn | — | — | — | — | — |
CVE-2008-0166
Critical priorityOpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force...
7 affected packages
openssh, openssh-blacklist, openssl, openssl-blacklist, openvpn...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssh | — | — | — | — | — |
openssh-blacklist | — | — | — | — | — |
openssl | — | — | — | — | — |
openssl-blacklist | — | — | — | — | — |
openvpn | — | — | — | — | — |
openvpn-blacklist | — | — | — | — | — |
ssl-cert | — | — | — | — | — |
CVE-2006-1629
Unknown priorityOpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.
1 affected packages
openvpn
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvpn | — | — | — | — | — |
CVE-2005-3409
Unknown priorityOpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an...
1 affected packages
openvpn
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvpn | — | — | — | — | — |