apk package
wolfi/openvpn-auth-pam
pkg:apk/wolfi/openvpn-auth-pam
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-13751 | — | < 2.6.17-r0 | 2.6.17-r0 | Dec 3, 2025 | Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service. | ||
| CVE-2023-7235 | — | < 2.6.9-r0 | 2.6.9-r0 | Feb 21, 2024 | The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables. | ||
| CVE-2020-27569 | — | < 0 | 0 | Apr 21, 2021 | Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system. |
- CVE-2025-13751Dec 3, 2025affected < 2.6.17-r0fixed 2.6.17-r0
Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.
- CVE-2023-7235Feb 21, 2024affected < 2.6.9-r0fixed 2.6.9-r0
The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables.
- CVE-2020-27569Apr 21, 2021affected < 0fixed 0
Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system.