Download
| Alert*
oval:org.secpod.oval:def:108062
openvpn is installed oval:org.secpod.oval:def:1800142 openvpn is installed oval:org.secpod.oval:def:1800141 CVE-2017-7478: OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Fixed In Version openvpn 2.3.15, openvpn 2.4.2 oval:org.secpod.oval:def:1800709 OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. Fixed In Version: openvpn 2.3.18, openvpn 2.4.4 oval:org.secpod.oval:def:1600804 OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution oval:org.secpod.oval:def:52356 openvpn: virtual private network software OpenVPN could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:108199 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer"s LZO library for compre ... oval:org.secpod.oval:def:108061 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer"s LZO library for compre ... oval:org.secpod.oval:def:108068 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer"s LZO library for compre ... oval:org.secpod.oval:def:601854 Dragana Damjanovic discovered that an authenticated client could crash an OpenVPN server by sending a control packet containing less than four bytes as payload. oval:org.secpod.oval:def:703593 openvpn: virtual private network software Several security issues were fixed in OpenVPN. oval:org.secpod.oval:def:110527 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for co ... oval:org.secpod.oval:def:1600244 The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. oval:org.secpod.oval:def:89044973 This update for openvpn fixes the following issues: - It was possible to trigger an assertion by sending a malformed IPv6 packet. That issue could have been abused to remotely shutdown an openvpn server or client, if IPv6 and --mssfix were enabled and if the IPv6 networks used inside the VPN were kn ... oval:org.secpod.oval:def:702251 openvpn is installed oval:org.secpod.oval:def:110037 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer"s LZO library for compre ... oval:org.secpod.oval:def:111285 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for co ... oval:org.secpod.oval:def:110550 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for co ... oval:org.secpod.oval:def:89044841 This update for openvpn fixes the following security issues: - CVE-2017-12166: OpenVPN was vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. - CVE-2016-6329: Now show which ciphers should no longer be used in openvpn --show-ciphers to avoi ... oval:org.secpod.oval:def:1600188 OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service via a small control channel packet. oval:org.secpod.oval:def:702249 openvpn: virtual private network software OpenVPN could be made to expose sensitive information over the network. oval:org.secpod.oval:def:89044672 This update for openvpn fixes the following issues: - CVE-2017-12166: Lack of bound check in read_key in old legacy key handling before using values could be used for a remote buffer overflow . oval:org.secpod.oval:def:110053 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer"s LZO library for compre ... oval:org.secpod.oval:def:111264 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for co ... oval:org.secpod.oval:def:702318 openvpn: virtual private network software OpenVPN could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:79892 openvpn: virtual private network software OpenVPN could allow unintended access to network services. oval:org.secpod.oval:def:112403 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for compres ... oval:org.secpod.oval:def:112367 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for compres ... oval:org.secpod.oval:def:112507 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for compres ... oval:org.secpod.oval:def:2000050 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character. oval:org.secpod.oval:def:1600724 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL charac ... oval:org.secpod.oval:def:112495 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for compres ... oval:org.secpod.oval:def:3301317 SUSE Security Update: Security update for openvpn oval:org.secpod.oval:def:89049687 This update for openvpn fixes the following issues: - CVE-2018-9336: Fix potential double-free in Interactive Service could lead to denial of service . oval:org.secpod.oval:def:121796 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for compres ... oval:org.secpod.oval:def:121761 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for compres ... oval:org.secpod.oval:def:89047631 This update for openvpn fixes the following issues: - CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in . oval:org.secpod.oval:def:89047787 This update for openvpn fixes the following issues: - CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in . - By default the --suppress-timestamps flag is not needed . oval:org.secpod.oval:def:3300465 SUSE Security Update: Security update for openvpn oval:org.secpod.oval:def:708591 openvpn: virtual private network software Several security issues were fixed in OpenVPN. oval:org.secpod.oval:def:1900662 OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. oval:org.secpod.oval:def:1800349 OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. Fixed In Version: openvpn 2.3.18, openvpn 2.4.4 oval:org.secpod.oval:def:113380 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for compres ... oval:org.secpod.oval:def:2000707 OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. oval:org.secpod.oval:def:1800443 OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. Fixed In Version openvpn 2.3.18, openvpn 2.4.4 oval:org.secpod.oval:def:113608 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for compres ... oval:org.secpod.oval:def:113288 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for compres ... oval:org.secpod.oval:def:703672 openvpn: virtual private network software Several security issues were fixed in OpenVPN. oval:org.secpod.oval:def:53086 Several issues were discovered in openvpn, a virtual private network application. CVE-2017-7479 It was discovered that openvpn did not properly handle the rollover of packet identifiers. This would allow an authenticated remote attacker to cause a denial-of-service via application crash. CVE-2017-75 ... oval:org.secpod.oval:def:602962 Several issues were discovered in openvpn, a virtual private network application. CVE-2017-7479 It was discovered that openvpn did not properly handle the rollover of packet identifiers. This would allow an authenticated remote attacker to cause a denial-of-service via application crash. CVE-2017-75 ... oval:org.secpod.oval:def:51830 openvpn: virtual private network software Several security issues were fixed in OpenVPN. oval:org.secpod.oval:def:2000586 OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. oval:org.secpod.oval:def:1600455 Ciphers with 64-bit block sizes used in CBC mode were found to be vulnerable to a birthday attack when key renegotiation doesn"t happen frequently or at all in long running connections. The blowfish cipher as used in OpenVPN by default is vulnerable to this attack, allowing a remote attacker to reco ... oval:org.secpod.oval:def:97615 [CLSA-2022:1649171018] Fixed CVE-2022-0547 in openvpn oval:org.secpod.oval:def:72086 openvpn: virtual private network software everal security issues were fixed in OpenVPN. oval:org.secpod.oval:def:89047244 This update for openvpn fixes the following issues: - CVE-2020-15078: Fixed authentication bypass with deferred authentication . - CVE-2020-11810: Fixed race condition between allocating peer-id and initializing data channel key . - CVE-2018-7544: Fixed cross-protocol scripting issue that was discov ... oval:org.secpod.oval:def:1601473 OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks oval:org.secpod.oval:def:119754 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for compres ... oval:org.secpod.oval:def:2001038 ** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sens ... |