FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
45a72180-a640-11ec-a08b-85298243e224	openvpn -- Potential authentication by-pass with multiple deferred authentication plug-ins David Sommerseth reports: OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. This issue is resolved in OpenVPN 2.4.12 and v2.5.6. Discovery 2022-03-10 Entry 2022-03-17 openvpn lt 2.5.6 openvpn-mbedtls lt 2.5.6 CVE-2022-0547 https://community.openvpn.net/openvpn/wiki/CVE-2022-0547 https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-256
efb965be-a2c0-11eb-8956-1951a8617e30	openvpn -- deferred authentication can be bypassed in specific circumstances Gert DÃÂ¶ring reports: OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. Discovery 2021-03-02 Entry 2021-04-21 openvpn lt 2.5.2 openvpn-mbedtls lt 2.5.2 https://community.openvpn.net/openvpn/wiki/CVE-2020-15078 https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-252 CVE-2020-15078

VuXML ID

Description

45a72180-a640-11ec-a08b-85298243e224

openvpn -- Potential authentication by-pass with multiple deferred authentication plug-ins

David Sommerseth reports:

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. This issue is resolved in OpenVPN 2.4.12 and v2.5.6.

Discovery 2022-03-10
Entry 2022-03-17
openvpn

lt 2.5.6

openvpn-mbedtls

lt 2.5.6

CVE-2022-0547
https://community.openvpn.net/openvpn/wiki/CVE-2022-0547
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-256

efb965be-a2c0-11eb-8956-1951a8617e30

openvpn -- deferred authentication can be bypassed in specific circumstances

Gert DÃÂ¶ring reports:

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.

Discovery 2021-03-02
Entry 2021-04-21
openvpn

lt 2.5.2

openvpn-mbedtls

lt 2.5.2

https://community.openvpn.net/openvpn/wiki/CVE-2020-15078
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-252
CVE-2020-15078