This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-05-09 22:37:04 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
04cc7bd2-3686-11e7-aa64-080027ef73ec | OpenVPN -- two remote denial-of-service vulnerabilities Samuli Seppänen reports:
Discovery 2017-05-10 Entry 2017-05-11 openvpn < 2.3.15 ge 2.4.0 lt 2.4.2 openvpn23 < 2.3.15 openvpn-mbedtls ge 2.4.0 lt 2.4.2 openvpn-polarssl < 2.3.15 openvpn23-polarssl < 2.3.15 https://openvpn.net/index.php/open-source/downloads.html CVE-2017-7478 CVE-2017-7479 https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits https://ostif.org/?p=870&preview=true https://www.privateinternetaccess.com/blog/2017/05/openvpn-2-4-2-fixes-critical-issues-discovered-openvpn-audit-reports/ |
efb965be-a2c0-11eb-8956-1951a8617e30 | openvpn -- deferred authentication can be bypassed in specific circumstances Gert Döring reports:
Discovery 2021-03-02 Entry 2021-04-21 openvpn < 2.5.2 openvpn-mbedtls < 2.5.2 https://community.openvpn.net/openvpn/wiki/CVE-2020-15078 https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-252 CVE-2020-15078 |
9f65d382-56a4-11e7-83e3-080027ef73ec | OpenVPN -- several vulnerabilities Samuli Seppänen reports:
Discovery 2017-05-19 Entry 2017-06-21 openvpn < 2.3.17 ge 2.4.0 lt 2.4.3 openvpn-mbedtls < 2.4.3 openvpn-polarssl < 2.3.17 CVE-2017-7520 https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243 CVE-2017-7508 CVE-2017-7512 CVE-2017-7521 CVE-2017-7522 |
d1c39c8e-05ab-4739-870f-765490fa2052 | openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients James Yonan reports:
Discovery 2005-07-27 Entry 2005-08-19 openvpn < 2.0.1 CVE-2005-2532 http://openvpn.net/changelog.html |
3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8 | OpenVPN -- out-of-bounds write in legacy key-method 1 Steffan Karger reports:
Discovery 2017-09-21 Entry 2017-09-27 openvpn-polarssl < 2.3.18 openvpn-mbedtls ge 2.4.0 lt 2.4.4 openvpn ge 2.4.0 lt 2.4.4 < 2.3.18 https://community.openvpn.net/openvpn/wiki/CVE-2017-12166 https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15492.html CVE-2017-12166 |
8604121c-7fc2-11ea-bcac-7781e90b0c8f | openvpn -- illegal client float can break VPN session for other users Lev Stipakov and Gert Doering report:
Discovery 2020-04-13 Entry 2020-04-16 openvpn < 2.4.8_3 openvpn-mbedtls < 2.4.8_3 openvpn-devel < 202016 https://github.com/OpenVPN/openvpn/commit/f7b318f811bb43c0d3aa7f337ec6242ed2c33881 https://sourceforge.net/p/openvpn/openvpn/ci/f7b318f811bb43c0d3aa7f337ec6242ed2c33881/ https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19720.html https://community.openvpn.net/openvpn/ticket/1272 https://patchwork.openvpn.net/patch/1077/ CVE-2020-11810 |
45a72180-a640-11ec-a08b-85298243e224 | openvpn -- Potential authentication by-pass with multiple deferred authentication plug-ins David Sommerseth reports:
Discovery 2022-03-10 Entry 2022-03-17 openvpn < 2.5.6 openvpn-mbedtls < 2.5.6 CVE-2022-0547 https://community.openvpn.net/openvpn/wiki/CVE-2022-0547 https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-256 |
a51ad838-2077-48b2-a136-e888a7db5f8d | openvpn -- denial of service: client certificate validation can disconnect unrelated clients James Yonan reports:
Discovery 2005-08-03 Entry 2005-08-19 openvpn < 2.0.1 CVE-2005-2531 http://openvpn.net/changelog.html |
0dc8be9e-19af-11e6-8de0-080027ef73ec | OpenVPN -- Buffer overflow in PAM authentication and DoS through port sharing Samuli Seppänen reports:
Discovery 2016-03-03 Entry 2016-05-14 openvpn < 2.3.11 openvpn-polarssl < 2.3.11 https://sourceforge.net/p/openvpn/mailman/message/35076507/ https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.11 |
5ad3e437-e527-4514-b9ed-280b2ca1a8c9 | openvpn -- multiple TCP clients connecting with the same certificate at the same time can crash the server James Yonan reports:
Discovery 2005-08-03 Entry 2005-08-19 openvpn < 2.0.1 CVE-2005-2534 http://openvpn.net/changelog.html |
1986449a-8b74-40fa-b7cc-0d8def8aad65 | openvpn -- denial of service: malicious authenticated "tap" client can deplete server virtual memory James Yonan reports:
Discovery 2005-07-27 Entry 2005-08-19 openvpn < 2.0.1 CVE-2005-2533 http://openvpn.net/changelog.html |
92f30415-9935-11e2-ad4c-080027ef73ec | OpenVPN -- potential side-channel/timing attack when comparing HMACs The OpenVPN project reports:
Discovery 2013-03-19 Entry 2013-03-31 Modified 2013-06-01 openvpn < 2.0.9_4 ge 2.1.0 lt 2.2.2_2 ge 2.3.0 lt 2.3.1 https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc CVE-2013-2061 http://www.openwall.com/lists/oss-security/2013/05/06/6 https://github.com/OpenVPN/openvpn/commit/11d21349a4e7e38a025849479b36ace7c2eec2ee |
23ab5c3e-79c3-11e4-8b1e-d050992ecde8 | OpenVPN -- denial of service security vulnerability The OpenVPN project reports:
Discovery 2014-12-01 Entry 2014-12-02 openvpn < 2.0.11 ge 2.1.0 lt 2.2.3 ge 2.3.0 lt 2.3.6 CVE-2014-8104 https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b |