Filtered by vendor Openvpn
Subscriptions
Filtered by product Openvpn
Subscriptions
Total
30 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-7521 | 1 Openvpn | 1 Openvpn | 2019-10-03 | N/A |
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension(). | ||||
CVE-2016-6329 | 1 Openvpn | 1 Openvpn | 2019-07-09 | N/A |
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. | ||||
CVE-2018-9336 | 2 Openvpn, Slackware | 2 Openvpn, Slackware Linux | 2018-06-13 | N/A |
openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation. | ||||
CVE-2017-7478 | 1 Openvpn | 1 Openvpn | 2017-08-16 | N/A |
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2. | ||||
CVE-2008-3459 | 1 Openvpn | 1 Openvpn | 2017-08-08 | N/A |
Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters. | ||||
CVE-2017-7522 | 1 Openvpn | 1 Openvpn | 2017-07-07 | N/A |
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character. | ||||
CVE-2005-2534 | 1 Openvpn | 1 Openvpn | 2008-09-05 | N/A |
Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate. | ||||
CVE-2005-2533 | 1 Openvpn | 1 Openvpn | 2008-09-05 | N/A |
OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (memory exhaustion) via a flood of packets with a large number of spoofed MAC addresses. | ||||
CVE-2005-2532 | 1 Openvpn | 1 Openvpn | 2008-09-05 | N/A |
OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted. | ||||
CVE-2005-2531 | 1 Openvpn | 1 Openvpn | 2008-09-05 | N/A |
OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts. |