Search CVE reports
11 – 20 of 50 results
Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who can control...
1 affected package
openvpn-auth-ldap
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openvpn-auth-ldap | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openvpn | Fixed | Fixed | Fixed | Fixed |
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openvpn | Fixed | Not affected | Not affected | Not affected |
DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An...
29 affected packages
tinc, vpnc, connman, gadmin-openvpn-client, gadmin-openvpn-server...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tinc | Ignored | Ignored | Ignored | Ignored |
| vpnc | Ignored | Ignored | Ignored | Ignored |
| connman | Ignored | Ignored | Ignored | Ignored |
| gadmin-openvpn-client | Not in release | Not in release | Ignored | Ignored |
| gadmin-openvpn-server | Not in release | Not in release | Ignored | Ignored |
| golang-github-apparentlymart-go-openvpn-mgmt | Ignored | Ignored | Ignored | — |
| kvpnc | Not in release | Not in release | Not in release | Ignored |
| libreswan | Ignored | Ignored | Ignored | Ignored |
| mozillavpn | Not in release | Ignored | Not in release | — |
| n2n | Ignored | Ignored | Ignored | Ignored |
| network-manager-fortisslvpn | Ignored | Ignored | Ignored | Ignored |
| network-manager-iodine | Ignored | Ignored | Ignored | Ignored |
| network-manager-l2tp | Ignored | Ignored | Ignored | Ignored |
| network-manager-openconnect | Ignored | Ignored | Ignored | Ignored |
| network-manager-openvpn | Ignored | Ignored | Ignored | Ignored |
| network-manager-pptp | Ignored | Ignored | Ignored | Ignored |
| network-manager-sstp | Ignored | Ignored | Not in release | — |
| network-manager-strongswan | Ignored | Ignored | Ignored | Ignored |
| network-manager-vpnc | Ignored | Ignored | Ignored | Ignored |
| openconnect | Ignored | Ignored | Ignored | Ignored |
| openfortivpn | Ignored | Ignored | Ignored | Ignored |
| openvpn | Ignored | Ignored | Ignored | Ignored |
| pptp-linux | Ignored | Ignored | Ignored | Ignored |
| pptpd | Not in release | Ignored | Ignored | Ignored |
| quicktun | Ignored | Ignored | Ignored | Ignored |
| riseup-vpn | Ignored | Not in release | Not in release | — |
| softether-vpn | Ignored | Ignored | Not in release | — |
| sshuttle | Ignored | Ignored | Ignored | Ignored |
| wireguard | Ignored | Ignored | Ignored | Ignored |
The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing.
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openvpn | Not affected | Not affected | Not affected | Not affected |
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openvpn | — | Not affected | Not affected | Not affected |
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openvpn | — | Not affected | Not affected | Not affected |
Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet.
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openvpn | Ignored | Ignored | Ignored | Ignored |
An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel,...
31 affected packages
wireguard, connman, gadmin-openvpn-client, gadmin-openvpn-server, golang-github-apparentlymart-go-openvpn-mgmt...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| wireguard | Not affected | Not affected | Not affected | Not affected |
| connman | Not affected | Not affected | Not affected | Not affected |
| gadmin-openvpn-client | Not in release | Not in release | Not affected | Not affected |
| gadmin-openvpn-server | Not in release | Not in release | Not affected | Not affected |
| golang-github-apparentlymart-go-openvpn-mgmt | Not affected | Not affected | Not affected | Not in release |
| kvpnc | Not in release | Not in release | Not in release | Not affected |
| l2tp-ipsec-vpn-daemon | Not in release | Not in release | Not in release | Not in release |
| l2tp-ipsec-vpn | Not in release | Not in release | Not in release | Not in release |
| libreswan | Not affected | Not affected | Not affected | Not affected |
| mozillavpn | Not in release | Not affected | Not in release | Not in release |
| n2n | Not affected | Not affected | Not affected | Not affected |
| network-manager-fortisslvpn | Not affected | Not affected | Not affected | Not affected |
| network-manager-iodine | Not affected | Not affected | Not affected | Not affected |
| network-manager-l2tp | Not affected | Not affected | Not affected | Not affected |
| network-manager-openconnect | Not affected | Not affected | Not affected | Not affected |
| network-manager-openvpn | Not affected | Not affected | Not affected | Not affected |
| network-manager-pptp | Not affected | Not affected | Not affected | Not affected |
| network-manager-sstp | Not affected | Not affected | Not in release | Not in release |
| network-manager-strongswan | Not affected | Not affected | Not affected | Not affected |
| network-manager-vpnc | Not affected | Not affected | Not affected | Not affected |
| openconnect | Not affected | Not affected | Not affected | Not affected |
| openfortivpn | Not affected | Not affected | Not affected | Not affected |
| openvpn | Not affected | Not affected | Not affected | Not affected |
| pptp-linux | Not affected | Not affected | Not affected | Not affected |
| quicktun | Not affected | Not affected | Not affected | Not affected |
| riseup-vpn | Not affected | Not in release | Not in release | Not in release |
| softether-vpn | Not affected | Not affected | Not in release | Not in release |
| sshuttle | Not affected | Not affected | Not affected | Not affected |
| tinc | Not affected | Not affected | Not affected | Not affected |
| vpnc | Not affected | Not affected | Not affected | Not affected |
| zentyal-openvpn | Not in release | Not in release | Not in release | Not in release |
An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if...
31 affected packages
wireguard, n2n, connman, gadmin-openvpn-client, gadmin-openvpn-server...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| wireguard | Ignored | Ignored | Not affected | Ignored |
| n2n | Not affected | Not affected | Not affected | Not affected |
| connman | Not affected | Not affected | Not affected | Not affected |
| gadmin-openvpn-client | Not in release | Not in release | Not affected | Not affected |
| gadmin-openvpn-server | Not in release | Not in release | Not affected | Not affected |
| openfortivpn | Not affected | Not affected | Not affected | Not affected |
| golang-github-apparentlymart-go-openvpn-mgmt | Not affected | Not affected | Not affected | Not in release |
| kvpnc | Not in release | Not in release | Not in release | Not affected |
| l2tp-ipsec-vpn-daemon | Not in release | Not in release | Not in release | Not in release |
| l2tp-ipsec-vpn | Not in release | Not in release | Not in release | Not in release |
| libreswan | Not affected | Not affected | Not affected | Not affected |
| mozillavpn | Not in release | Not affected | Not in release | Not in release |
| network-manager-fortisslvpn | Not affected | Not affected | Not affected | Not affected |
| network-manager-iodine | Not affected | Not affected | Not affected | Not affected |
| network-manager-l2tp | Not affected | Not affected | Not affected | Not affected |
| network-manager-openconnect | Not affected | Not affected | Not affected | Not affected |
| network-manager-openvpn | Not affected | Not affected | Not affected | Not affected |
| network-manager-pptp | Not affected | Not affected | Not affected | Not affected |
| network-manager-sstp | Not affected | Not affected | Not in release | Not in release |
| network-manager-strongswan | Not affected | Not affected | Not affected | Not affected |
| network-manager-vpnc | Not affected | Not affected | Not affected | Not affected |
| openconnect | Not affected | Not affected | Not affected | Not affected |
| pptp-linux | Not affected | Not affected | Not affected | Not affected |
| quicktun | Not affected | Not affected | Not affected | Not affected |
| riseup-vpn | Not affected | Not in release | Not in release | Not in release |
| softether-vpn | Not affected | Not affected | Not in release | Not in release |
| sshuttle | Not affected | Not affected | Not affected | Not affected |
| tinc | Not affected | Not affected | Not affected | Not affected |
| vpnc | Not affected | Not affected | Not affected | Not affected |
| zentyal-openvpn | Not in release | Not in release | Not in release | Not in release |
| openvpn | Not affected | Not affected | Not affected | Not affected |