OpenVPN — свободная реализация технологии виртуальной частной сети (VPN) с открытым исходным кодом для создания зашифрованных каналoв типа точка-точка или сервер-клиенты между компьютерами.
Релизный цикл, информация об уязвимостях
График релизов
Количество 191
CVE-2014-8104
OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
CVE-2014-5455
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.
CVE-2013-2061
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.
CVE-2013-2061
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, ...
CVE-2013-2061
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.
CVE-2008-3459
Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters.
CVE-2008-3459
Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when ...
CVE-2008-3459
Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters.
CVE-2006-2229
OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service.
CVE-2006-2229
OpenVPN 2.0.7 and earlier, when configured to use the --management opt ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2014-8104 OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. | CVSS2: 6.8 | 2% Низкий | около 11 лет назад |
 | CVE-2014-5455 Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder. | CVSS2: 6.9 | 1% Низкий | больше 11 лет назад |
| CVE-2013-2061 The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. | CVSS2: 2.6 | 1% Низкий | около 12 лет назад |
| CVE-2013-2061 The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, ... | CVSS2: 2.6 | 1% Низкий | около 12 лет назад |
| CVE-2013-2061 The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. | CVSS2: 2.6 | 1% Низкий | около 12 лет назад |
| CVE-2008-3459 Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters. | CVSS2: 7.6 | 1% Низкий | больше 17 лет назад |
| CVE-2008-3459 Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when ... | CVSS2: 7.6 | 1% Низкий | больше 17 лет назад |
| CVE-2008-3459 Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters. | CVSS2: 7.6 | 1% Низкий | больше 17 лет назад |
| CVE-2006-2229 OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service. | CVSS2: 4 | 1% Низкий | больше 19 лет назад |
| CVE-2006-2229 OpenVPN 2.0.7 and earlier, when configured to use the --management opt ... | CVSS2: 4 | 1% Низкий | больше 19 лет назад |
Уязвимостей на страницу