rpm package
suse/openvpn&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5
pkg:rpm/suse/openvpn&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-28882 | — | < 2.3.8-16.32.1 | 2.3.8-16.32.1 | Jul 8, 2024 | OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session | ||
| CVE-2022-0547 | — | < 2.3.8-16.29.1 | 2.3.8-16.29.1 | Mar 18, 2022 | OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. | ||
| CVE-2020-15078 | — | < 2.3.8-16.26.1 | 2.3.8-16.26.1 | Apr 26, 2021 | OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. | ||
| CVE-2018-7544 | — | < 2.3.8-16.26.1 | 2.3.8-16.26.1 | Mar 16, 2018 | A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain |
- CVE-2024-28882Jul 8, 2024affected < 2.3.8-16.32.1fixed 2.3.8-16.32.1
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session
- CVE-2022-0547Mar 18, 2022affected < 2.3.8-16.29.1fixed 2.3.8-16.29.1
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
- CVE-2020-15078Apr 26, 2021affected < 2.3.8-16.26.1fixed 2.3.8-16.26.1
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
- CVE-2018-7544Mar 16, 2018affected < 2.3.8-16.26.1fixed 2.3.8-16.26.1
A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain