NotCVE - vendor:"Openvpn" product:"Openvpn" version:" >= 2.6.0 <= 2.6.6"

Page 2 of 8 results (0.007 seconds)

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-46850

https://notcve.org/view.php?id=CVE-2023-46850

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer. Use after free en OpenVPN versión 2.6.0 a 2.6.6 puede provocar un comportamiento indefinido, pérdida de búferes de memoria o ejecución remota al enviar búferes de red a un par remoto. • https://community.openvpn.net/openvpn/wiki/CVE-2023-46850 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4 https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850 https://www.debian.org/security/2023/dsa-5555 • CWE-416: Use After Free •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-46849

https://notcve.org/view.php?id=CVE-2023-46849

Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service. El uso de la opción --fragment en ciertas configuraciones de OpenVPN versión 2.6.0 a 2.6.6 permite a un atacante desencadenar un comportamiento de división por cero que podría provocar un bloqueo de la aplicación y provocar una denegación de servicio. • https://community.openvpn.net/openvpn/wiki/CVE-2023-46849 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4 https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850 https://www.debian.org/security/2023/dsa-5555 • CWE-369: Divide By Zero •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-27569

https://notcve.org/view.php?id=CVE-2020-27569

Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system. Se presenta una Escritura de Archivos Arbitraria en Aviatrix VPN Client versiones 2.8.2 y anteriores. El servicio VPN escribe registros en una ubicación que es de tipo world writable y puede ser aprovechado para conseguir acceso de escritura a cualquier archivo del sistema • https://docs.aviatrix.com/HowTos/security_bulletin_article.html#openvpn-abitrary-file-write • CWE-276: Incorrect Default Permissions •

1 2