FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
45a72180-a640-11ec-a08b-85298243e224openvpn -- Potential authentication by-pass with multiple deferred authentication plug-ins

David Sommerseth reports:

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. This issue is resolved in OpenVPN 2.4.12 and v2.5.6.


Discovery 2022-03-10
Entry 2022-03-17
openvpn
< 2.5.6

openvpn-mbedtls
< 2.5.6

CVE-2022-0547
https://community.openvpn.net/openvpn/wiki/CVE-2022-0547
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-256
efb965be-a2c0-11eb-8956-1951a8617e30openvpn -- deferred authentication can be bypassed in specific circumstances

Gert Döring reports:

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.


Discovery 2021-03-02
Entry 2021-04-21
openvpn
< 2.5.2

openvpn-mbedtls
< 2.5.2

https://community.openvpn.net/openvpn/wiki/CVE-2020-15078
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-252
CVE-2020-15078