VYPR

rpm package

suse/openvpn&distro=SUSE Linux Enterprise Module for Basesystem 15 SP6

pkg:rpm/suse/openvpn&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6

Vulnerabilities (3)

  • CVE-2025-2704Apr 2, 2025
    affected < 2.6.8-150600.3.17.1fixed 2.6.8-150600.3.17.1

    OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase

  • CVE-2024-5594Jan 6, 2025
    affected < 2.6.8-150600.3.14.1fixed 2.6.8-150600.3.14.1

    OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.

  • CVE-2024-28882Jul 8, 2024
    affected < 2.6.8-150600.3.3.1fixed 2.6.8-150600.3.3.1

    OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session