Search CVE reports

11 – 20 of 45 results

Detailed view

Sort by:

CVE-2023-46850

Medium priority

Fixed

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.

1 affected packages

openvpn

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
openvpn	—	Not affected	Not affected	Not affected	Not affected

Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.

1 affected packages

openvpn

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
openvpn	—	Not affected	Not affected	Not affected	Not affected

CVE-2020-20813

Medium priority

Vulnerable

Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet.

1 affected packages

openvpn

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
openvpn	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable

CVE-2023-36673

Medium priority

Vulnerable

An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel,...

31 affected packages

connman, gadmin-openvpn-client, gadmin-openvpn-server, golang-github-apparentlymart-go-openvpn-mgmt, kvpnc...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
connman	Not affected	Not affected	Not affected	Not affected	Not affected
gadmin-openvpn-client	Not in release	Not in release	Not affected	Not affected	Not affected
gadmin-openvpn-server	Not in release	Not in release	Not affected	Not affected	Not affected
golang-github-apparentlymart-go-openvpn-mgmt	Not affected	Not affected	Not affected	Not in release	Not in release
kvpnc	Not in release	Not in release	Not in release	Not affected	Not affected
l2tp-ipsec-vpn	Not in release	Not in release	Not in release	Not in release	Not in release
l2tp-ipsec-vpn-daemon	Not in release	Not in release	Not in release	Not in release	Not in release
libreswan	Not affected	Not affected	Not affected	Not affected	Not in release
mozillavpn	Not in release	Not affected	Not in release	Not in release	Not in release
n2n	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-fortisslvpn	Not affected	Not affected	Not affected	Not affected	Not in release
network-manager-iodine	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-l2tp	Not affected	Not affected	Not affected	Not affected	Not in release
network-manager-openconnect	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-openvpn	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-pptp	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-sstp	Not affected	Not affected	Not in release	Not in release	Not in release
network-manager-strongswan	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-vpnc	Not affected	Not affected	Not affected	Not affected	Not affected
openconnect	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
openfortivpn	Not affected	Not affected	Not affected	Not affected	Not in release
openvpn	Not affected	Not affected	Not affected	Not affected	Not affected
pptp-linux	Not affected	Not affected	Not affected	Not affected	Not affected
quicktun	Not affected	Not affected	Not affected	Not affected	Not in release
riseup-vpn	Not affected	Not in release	Not in release	Not in release	Not in release
softether-vpn	Vulnerable	Vulnerable	Not in release	Not in release	Not in release
sshuttle	Not affected	Not affected	Not affected	Not affected	Not affected
tinc	Not affected	Not affected	Not affected	Not affected	Not affected
vpnc	Not affected	Not affected	Not affected	Not affected	Not affected
wireguard	Not affected	Not affected	Not affected	Not affected	Not affected
zentyal-openvpn	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2023-36672

Medium priority

Vulnerable

An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if...

31 affected packages

connman, gadmin-openvpn-client, gadmin-openvpn-server, golang-github-apparentlymart-go-openvpn-mgmt, kvpnc...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
connman	Not affected	Not affected	Not affected	Not affected	Not affected
gadmin-openvpn-client	Not in release	Not in release	Not affected	Not affected	Not affected
gadmin-openvpn-server	Not in release	Not in release	Not affected	Not affected	Not affected
golang-github-apparentlymart-go-openvpn-mgmt	Not affected	Not affected	Not affected	Not in release	Not in release
kvpnc	Not in release	Not in release	Not in release	Not affected	Not affected
l2tp-ipsec-vpn	Not in release	Not in release	Not in release	Not in release	Not in release
l2tp-ipsec-vpn-daemon	Not in release	Not in release	Not in release	Not in release	Not in release
libreswan	Not affected	Not affected	Not affected	Not affected	Not in release
mozillavpn	Not in release	Not affected	Not in release	Not in release	Not in release
n2n	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-fortisslvpn	Not affected	Not affected	Not affected	Not affected	Not in release
network-manager-iodine	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-l2tp	Not affected	Not affected	Not affected	Not affected	Not in release
network-manager-openconnect	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-openvpn	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-pptp	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-sstp	Not affected	Not affected	Not in release	Not in release	Not in release
network-manager-strongswan	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-vpnc	Not affected	Not affected	Not affected	Not affected	Not affected
openconnect	Not affected	Not affected	Not affected	Vulnerable	Vulnerable
openfortivpn	Not affected	Not affected	Not affected	Not affected	Not in release
openvpn	Not affected	Not affected	Not affected	Not affected	Not affected
pptp-linux	Not affected	Not affected	Not affected	Not affected	Not affected
quicktun	Not affected	Not affected	Not affected	Not affected	Not in release
riseup-vpn	Not affected	Not in release	Not in release	Not in release	Not in release
softether-vpn	Vulnerable	Vulnerable	Not in release	Not in release	Not in release
sshuttle	Not affected	Not affected	Not affected	Not affected	Not affected
tinc	Not affected	Not affected	Not affected	Not affected	Not affected
vpnc	Not affected	Not affected	Not affected	Not affected	Not affected
wireguard	Ignored	Ignored	Ignored	Ignored	Ignored
zentyal-openvpn	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2023-36671

Medium priority

Vulnerable

An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN...

31 affected packages

connman, gadmin-openvpn-client, gadmin-openvpn-server, golang-github-apparentlymart-go-openvpn-mgmt, kvpnc...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
connman	Not affected	Not affected	Not affected	Not affected	Not affected
gadmin-openvpn-client	Not in release	Not in release	Not affected	Not affected	Not affected
gadmin-openvpn-server	Not in release	Not in release	Not affected	Not affected	Not affected
golang-github-apparentlymart-go-openvpn-mgmt	Not affected	Not affected	Not affected	Not in release	Not in release
kvpnc	Not in release	Not in release	Not in release	Not affected	Not affected
l2tp-ipsec-vpn	Not in release	Not in release	Not in release	Not in release	Not in release
l2tp-ipsec-vpn-daemon	Not in release	Not in release	Not in release	Not in release	Not in release
libreswan	Not affected	Not affected	Not affected	Not affected	Not in release
mozillavpn	Not in release	Not affected	Not in release	Not in release	Not in release
n2n	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-fortisslvpn	Not affected	Not affected	Not affected	Not affected	Not in release
network-manager-iodine	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-l2tp	Not affected	Not affected	Not affected	Not affected	Not in release
network-manager-openconnect	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-openvpn	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-pptp	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-sstp	Not affected	Not affected	Not in release	Not in release	Not in release
network-manager-strongswan	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-vpnc	Not affected	Not affected	Not affected	Not affected	Not affected
openconnect	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
openfortivpn	Not affected	Not affected	Not affected	Not affected	Not in release
openvpn	Not affected	Not affected	Not affected	Not affected	Not affected
pptp-linux	Not affected	Not affected	Not affected	Not affected	Not affected
quicktun	Not affected	Not affected	Not affected	Not affected	Not in release
riseup-vpn	Not affected	Not in release	Not in release	Not in release	Not in release
softether-vpn	Vulnerable	Vulnerable	Not in release	Not in release	Not in release
sshuttle	Not affected	Not affected	Not affected	Not affected	Not affected
tinc	Not affected	Not affected	Not affected	Not affected	Not affected
vpnc	Not affected	Not affected	Not affected	Not affected	Not affected
wireguard	Not affected	Not affected	Not affected	Not affected	Not affected
zentyal-openvpn	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2023-35838

Medium priority

Vulnerable

The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into...

31 affected packages

connman, gadmin-openvpn-client, gadmin-openvpn-server, golang-github-apparentlymart-go-openvpn-mgmt, kvpnc...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
connman	Not affected	Not affected	Not affected	Not affected	Not affected
gadmin-openvpn-client	Not in release	Not in release	Not affected	Not affected	Not affected
gadmin-openvpn-server	Not in release	Not in release	Not affected	Not affected	Not affected
golang-github-apparentlymart-go-openvpn-mgmt	Not affected	Not affected	Not affected	Not in release	Not in release
kvpnc	Not in release	Not in release	Not in release	Not affected	Not affected
l2tp-ipsec-vpn	Not in release	Not in release	Not in release	Not in release	Not in release
l2tp-ipsec-vpn-daemon	Not in release	Not in release	Not in release	Not in release	Not in release
libreswan	Not affected	Not affected	Not affected	Not affected	Not in release
mozillavpn	Not in release	Not affected	Not in release	Not in release	Not in release
n2n	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-fortisslvpn	Not affected	Not affected	Not affected	Not affected	Not in release
network-manager-iodine	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-l2tp	Not affected	Not affected	Not affected	Not affected	Not in release
network-manager-openconnect	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-openvpn	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-pptp	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-sstp	Not affected	Not affected	Not in release	Not in release	Not in release
network-manager-strongswan	Not affected	Not affected	Not affected	Not affected	Not affected
network-manager-vpnc	Not affected	Not affected	Not affected	Not affected	Not affected
openconnect	Not affected	Not affected	Not affected	Vulnerable	Vulnerable
openfortivpn	Not affected	Not affected	Not affected	Not affected	Not in release
openvpn	Not affected	Not affected	Not affected	Not affected	Not affected
pptp-linux	Not affected	Not affected	Not affected	Not affected	Not affected
quicktun	Not affected	Not affected	Not affected	Not affected	Not in release
riseup-vpn	Not affected	Not in release	Not in release	Not in release	Not in release
softether-vpn	Vulnerable	Vulnerable	Not in release	Not in release	Not in release
sshuttle	Not affected	Not affected	Not affected	Not affected	Not affected
tinc	Not affected	Not affected	Not affected	Not affected	Not affected
vpnc	Not affected	Not affected	Not affected	Not affected	Not affected
wireguard	Ignored	Ignored	Ignored	Ignored	Ignored
zentyal-openvpn	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2022-0547

Medium priority

Fixed

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access...

1 affected packages

openvpn

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
openvpn	Fixed	Fixed	Fixed	Fixed	Fixed

CVE-2020-15078

Medium priority

Fixed

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.

1 affected packages

openvpn

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
openvpn	—	Fixed	Fixed	Fixed	Not affected

CVE-2020-15074

Medium priority

Ignored

OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.

1 affected packages

openvpn

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
openvpn	—	—	Not affected	Not affected	Not affected

Export to JSON

Results by page: