OpenVPN — свободная реализация технологии виртуальной частной сети (VPN) с открытым исходным кодом для создания зашифрованных каналoв типа точка-точка или сервер-клиенты между компьютерами.

Релизный цикл, информация об уязвимостях

Продукт: OpenVPN

Вендор: openvpn

График релизов

Недавние уязвимости OpenVPN

Количество 203

CVE-2014-8104

около 11 лет назад

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

CVSS2: 6.8

EPSS: Низкий

CVE-2014-8104

около 11 лет назад

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before ...

CVSS2: 6.8

EPSS: Низкий

CVE-2014-8104

около 11 лет назад

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

CVSS2: 6.8

EPSS: Низкий

CVE-2014-5455

больше 11 лет назад

Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.

CVSS2: 6.9

EPSS: Низкий

CVE-2013-2061

около 12 лет назад

The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.

CVSS2: 2.6

EPSS: Низкий

CVE-2013-2061

около 12 лет назад

The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, ...

CVSS2: 2.6

EPSS: Низкий

CVE-2013-2061

около 12 лет назад

CVSS2: 2.6

EPSS: Низкий

CVE-2008-3459

больше 17 лет назад

Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters.

CVSS2: 7.6

EPSS: Низкий

CVE-2008-3459

больше 17 лет назад

Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when ...

CVSS2: 7.6

EPSS: Низкий

CVE-2008-3459

больше 17 лет назад

CVSS2: 7.6

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2014-8104 OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.	CVSS2: 6.8	2% Низкий	около 11 лет назад
CVE-2014-8104 OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before ...	CVSS2: 6.8	2% Низкий	около 11 лет назад
CVE-2014-8104 OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.	CVSS2: 6.8	2% Низкий	около 11 лет назад
CVE-2014-5455 Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.	CVSS2: 6.9	1% Низкий	больше 11 лет назад
CVE-2013-2061 The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.	CVSS2: 2.6	1% Низкий	около 12 лет назад
CVE-2013-2061 The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, ...	CVSS2: 2.6	1% Низкий	около 12 лет назад
CVE-2013-2061 The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.	CVSS2: 2.6	1% Низкий	около 12 лет назад
CVE-2008-3459 Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters.	CVSS2: 7.6	1% Низкий	больше 17 лет назад
CVE-2008-3459 Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when ...	CVSS2: 7.6	1% Низкий	больше 17 лет назад
CVE-2008-3459 Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters.	CVSS2: 7.6	1% Низкий	больше 17 лет назад

Уязвимостей на страницу