Search CVE reports
21 – 30 of 50 results
An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN...
31 affected packages
wireguard, tinc, connman, gadmin-openvpn-client, gadmin-openvpn-server...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| wireguard | Not affected | Not affected | Not affected | Not affected |
| tinc | Not affected | Not affected | Not affected | Not affected |
| connman | Not affected | Not affected | Not affected | Not affected |
| gadmin-openvpn-client | Not in release | Not in release | Not affected | Not affected |
| gadmin-openvpn-server | Not in release | Not in release | Not affected | Not affected |
| golang-github-apparentlymart-go-openvpn-mgmt | Not affected | Not affected | Not affected | Not in release |
| kvpnc | Not in release | Not in release | Not in release | Not affected |
| l2tp-ipsec-vpn-daemon | Not in release | Not in release | Not in release | Not in release |
| l2tp-ipsec-vpn | Not in release | Not in release | Not in release | Not in release |
| libreswan | Not affected | Not affected | Not affected | Not affected |
| mozillavpn | Not in release | Not affected | Not in release | Not in release |
| n2n | Not affected | Not affected | Not affected | Not affected |
| network-manager-fortisslvpn | Not affected | Not affected | Not affected | Not affected |
| network-manager-iodine | Not affected | Not affected | Not affected | Not affected |
| network-manager-l2tp | Not affected | Not affected | Not affected | Not affected |
| network-manager-openconnect | Not affected | Not affected | Not affected | Not affected |
| network-manager-openvpn | Not affected | Not affected | Not affected | Not affected |
| network-manager-pptp | Not affected | Not affected | Not affected | Not affected |
| network-manager-sstp | Not affected | Not affected | Not in release | Not in release |
| network-manager-strongswan | Not affected | Not affected | Not affected | Not affected |
| network-manager-vpnc | Not affected | Not affected | Not affected | Not affected |
| openconnect | Not affected | Not affected | Not affected | Not affected |
| openfortivpn | Not affected | Not affected | Not affected | Not affected |
| openvpn | Not affected | Not affected | Not affected | Not affected |
| pptp-linux | Not affected | Not affected | Not affected | Not affected |
| quicktun | Not affected | Not affected | Not affected | Not affected |
| riseup-vpn | Not affected | Not in release | Not in release | Not in release |
| softether-vpn | Not affected | Not affected | Not in release | Not in release |
| sshuttle | Not affected | Not affected | Not affected | Not affected |
| vpnc | Not affected | Not affected | Not affected | Not affected |
| zentyal-openvpn | Not in release | Not in release | Not in release | Not in release |
The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into...
31 affected packages
wireguard, kvpnc, connman, gadmin-openvpn-client, gadmin-openvpn-server...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| wireguard | Ignored | Ignored | Ignored | Ignored |
| kvpnc | Not in release | Not in release | Not in release | Not affected |
| connman | Not affected | Not affected | Not affected | Not affected |
| gadmin-openvpn-client | Not in release | Not in release | Not affected | Not affected |
| gadmin-openvpn-server | Not in release | Not in release | Not affected | Not affected |
| golang-github-apparentlymart-go-openvpn-mgmt | Not affected | Not affected | Not affected | Not in release |
| l2tp-ipsec-vpn-daemon | Not in release | Not in release | Not in release | Not in release |
| l2tp-ipsec-vpn | Not in release | Not in release | Not in release | Not in release |
| libreswan | Not affected | Not affected | Not affected | Not affected |
| mozillavpn | Not in release | Not affected | Not in release | Not in release |
| n2n | Not affected | Not affected | Not affected | Not affected |
| network-manager-fortisslvpn | Not affected | Not affected | Not affected | Not affected |
| network-manager-iodine | Not affected | Not affected | Not affected | Not affected |
| network-manager-l2tp | Not affected | Not affected | Not affected | Not affected |
| network-manager-openconnect | Not affected | Not affected | Not affected | Not affected |
| network-manager-openvpn | Not affected | Not affected | Not affected | Not affected |
| network-manager-pptp | Not affected | Not affected | Not affected | Not affected |
| network-manager-sstp | Not affected | Not affected | Not in release | Not in release |
| network-manager-strongswan | Not affected | Not affected | Not affected | Not affected |
| network-manager-vpnc | Not affected | Not affected | Not affected | Not affected |
| openconnect | Not affected | Not affected | Not affected | Not affected |
| openfortivpn | Not affected | Not affected | Not affected | Not affected |
| pptp-linux | Not affected | Not affected | Not affected | Not affected |
| quicktun | Not affected | Not affected | Not affected | Not affected |
| riseup-vpn | Not affected | Not in release | Not in release | Not in release |
| softether-vpn | Not affected | Not affected | Not in release | Not in release |
| sshuttle | Not affected | Not affected | Not affected | Not affected |
| tinc | Not affected | Not affected | Not affected | Not affected |
| vpnc | Not affected | Not affected | Not affected | Not affected |
| zentyal-openvpn | Not in release | Not in release | Not in release | Not in release |
| openvpn | Not affected | Not affected | Not affected | Not affected |
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access...
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openvpn | Fixed | Fixed | Fixed | Fixed |
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openvpn | — | Fixed | Fixed | Fixed |
OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openvpn | — | — | Not affected | Not affected |
Some fixes available 2 of 3
An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel...
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openvpn | — | — | Fixed | Fixed |
OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openvpn | — | — | — | Not affected |
openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause...
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openvpn | — | — | — | Not affected |
A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers...
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openvpn | — | — | — | Ignored |
Some fixes available 2 of 6
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.
1 affected package
openvpn
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openvpn | Not affected | Not affected | Not affected | Not affected |