rpm package
suse/openvpn&distro=SUSE Linux Enterprise Module for Basesystem 15 SP3
pkg:rpm/suse/openvpn&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-0547 | — | < 2.4.3-150000.5.10.1 | 2.4.3-150000.5.10.1 | Mar 18, 2022 | OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. | ||
| CVE-2020-15078 | — | < 2.4.3-5.7.1 | 2.4.3-5.7.1 | Apr 26, 2021 | OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. | ||
| CVE-2020-11810 | — | < 2.4.3-5.7.1 | 2.4.3-5.7.1 | Apr 27, 2020 | An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's | ||
| CVE-2018-7544 | — | < 2.4.3-5.7.1 | 2.4.3-5.7.1 | Mar 16, 2018 | A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain |
- CVE-2022-0547Mar 18, 2022affected < 2.4.3-150000.5.10.1fixed 2.4.3-150000.5.10.1
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
- CVE-2020-15078Apr 26, 2021affected < 2.4.3-5.7.1fixed 2.4.3-5.7.1
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
- CVE-2020-11810Apr 27, 2020affected < 2.4.3-5.7.1fixed 2.4.3-5.7.1
An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's
- CVE-2018-7544Mar 16, 2018affected < 2.4.3-5.7.1fixed 2.4.3-5.7.1
A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain