CRITICAL9.8CVE-2023-46850Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending ne… from 0, < 2.6.3-1+deb12u2
from 0, < 2.5.1-3+deb11u1
CRITICAL9.8openvpn - security update
from 0, < 2.5.1-3+deb11u1
CRITICAL9.8openvpn - security update
from 0, < 2.4.4-1
CRITICAL9.8openvpn - security update
from 0, < 2.4.0-6+deb9u4
CRITICAL9.1OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected a…
from 0, < 2.5.1-3+deb11u1
CRITICAL9.1A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5.
from 0
HIGH7.5openvpn - security update
from 0, < 2.6.3-1+deb12u4
HIGH7.5openvpn - security update
from 0, < 2.6.3-1+deb12u4
HIGH7.5OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting…
from 0, < 2.6.3-1+deb12u3
HIGH7.5openvpn - security update
from 0, < 2.6.3-1+deb12u2
HIGH7.5openvpn - security update
from 0, < 2.6.3-1+deb12u2
HIGH7.5OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured…
from 0, < 2.5.1-2
HIGH7.5openvpn - security update
from 0, < 2.3.4-5+deb8u2
HIGH7.5openvpn - security update
from 0, < 2.4.3-1
HIGH7.5OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet.
from 0, < 2.4.0-5
HIGH7.4openvpn - security update
from 0, < 2.2.1-8+deb7u5
HIGH7.4openvpn - security update
from 0, < 2.4.3-1
MEDIUM6.9Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows…
from 0
MEDIUM6.5OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certific…
from 0, < 2.4.3-1
MEDIUM6.5openvpn - security update
from 0, < 2.2.1-8+deb7u4
MEDIUM6.5openvpn - security update
from 0, < 2.4.0-5
MEDIUM6.1A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash o…
from 0
MEDIUM5.9OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks…
from 0, < 2.4.3-1
MEDIUM5.9OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a lo…
from 0
MEDIUM4.3OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the val…
from 0, < 2.6.3-1+deb12u3
LOW3.7An issue was discovered in OpenVPN 2.4.x before 2.4.9.
from 0, < 2.4.9-1
—Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an assert resulti…
from 0, < 2.7.0~rc5-1
—openvpn - security update
from 0, < 2.3.4-5
—openvpn - security update
from 0, < 2.2.1-8+deb7u3
—openvpn - security update
from 0, < 2.1.3-2+squeeze3
—The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitiv…
from 0, < 2.3.1-1
—Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbi…
from 0, < 2.1~rc9-1
—OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for T…
from 0
—openvpn - design error
from 0, < 2.0-1sarge3
—openvpn - design error
from 0, < 2.0.6-1
—OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing th…
from 0, < 2.0.5-1
—openvpn - several
from 0, < 2.0-1sarge2
—openvpn - several
from 0, < 2.0.5-1
—OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote…
from 0, < 2.0.2-1
—Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server cr…
from 0, < 2.0.2-1
—openvpn - denial of service
from 0, < 2.0-1sarge1
—openvpn - denial of service
from 0, < 2.0.2-1
—OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (m…
from 0, < 2.0.2-1