rpm package
opensuse/openvpn&distro=openSUSE Leap 15.2
pkg:rpm/opensuse/openvpn&distro=openSUSE%20Leap%2015.2
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-15078 | — | < 2.4.3-lp152.6.3.1 | 2.4.3-lp152.6.3.1 | Apr 26, 2021 | OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. | ||
| CVE-2020-11810 | — | < 2.4.3-lp152.6.3.1 | 2.4.3-lp152.6.3.1 | Apr 27, 2020 | An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's | ||
| CVE-2018-7544 | — | < 2.4.3-lp152.6.3.1 | 2.4.3-lp152.6.3.1 | Mar 16, 2018 | A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain |
- CVE-2020-15078Apr 26, 2021affected < 2.4.3-lp152.6.3.1fixed 2.4.3-lp152.6.3.1
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
- CVE-2020-11810Apr 27, 2020affected < 2.4.3-lp152.6.3.1fixed 2.4.3-lp152.6.3.1
An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's
- CVE-2018-7544Mar 16, 2018affected < 2.4.3-lp152.6.3.1fixed 2.4.3-lp152.6.3.1
A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain