Download
| Alert*
|
oval:org.secpod.oval:def:52356
openvpn: virtual private network software OpenVPN could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:108061 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer"s LZO library for compre ... oval:org.secpod.oval:def:108199 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer"s LZO library for compre ... oval:org.secpod.oval:def:108068 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer"s LZO library for compre ... oval:org.secpod.oval:def:1600188 OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service via a small control channel packet. oval:org.secpod.oval:def:27127 The host is installed with 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, or 2.3.x before 2.3.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a small control channel packet. Successful exploitation allows remote attackers to cr ... oval:org.secpod.oval:def:702249 openvpn: virtual private network software OpenVPN could be made to expose sensitive information over the network. oval:org.secpod.oval:def:702318 openvpn: virtual private network software OpenVPN could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:1600244 The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. oval:org.secpod.oval:def:16230 The host is installed with OpenVPN 2.3.0 and earlier are prone to information disclosure vulnerability. The flaw is present in the application, which fails to properly handle the openvpn_decrypt function in crypto.c. Successful exploitation allows remote attackers to cause timing attack involving an ... |
