FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
45a72180-a640-11ec-a08b-85298243e224	openvpn -- Potential authentication by-pass with multiple deferred authentication plug-ins David Sommerseth reports: OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. This issue is resolved in OpenVPN 2.4.12 and v2.5.6. Discovery 2022-03-10 Entry 2022-03-17 openvpn < 2.5.6 openvpn-mbedtls < 2.5.6 CVE-2022-0547 https://community.openvpn.net/openvpn/wiki/CVE-2022-0547 https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-256
142c538e-b18f-40a1-afac-c479effadd5c	openvpn -- two security fixes Gert Doering reports that OpenVPN 2.6.11 fixes two security bugs (three on Windows): CVE-2024-5594: control channel: refuse control channel messages with nonprintable characters in them. Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU load. (Reynir BjÃÂ¶rnsson) CVE-2024-28882: only call schedule_exit() once (on a given peer). Security scope: an authenticated client can make the server "keep the session" even when the server has been told to disconnect this client. (Reynir BjÃÂ¶rnsson) Discovery 2024-05-16 Entry 2024-06-20 openvpn < 2.6.11 CVE-2024-5594 CVE-2024-28882 https://github.com/OpenVPN/openvpn/blob/v2.6.11/Changes.rst#security-fixes

VuXML ID

Description

45a72180-a640-11ec-a08b-85298243e224

openvpn -- Potential authentication by-pass with multiple deferred authentication plug-ins

David Sommerseth reports:

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. This issue is resolved in OpenVPN 2.4.12 and v2.5.6.

Discovery 2022-03-10
Entry 2022-03-17
openvpn

< 2.5.6

openvpn-mbedtls

< 2.5.6

CVE-2022-0547
https://community.openvpn.net/openvpn/wiki/CVE-2022-0547
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-256

142c538e-b18f-40a1-afac-c479effadd5c

openvpn -- two security fixes

Gert Doering reports that OpenVPN 2.6.11 fixes two security bugs (three on Windows):

CVE-2024-5594: control channel: refuse control channel messages with nonprintable characters in them. Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU load. (Reynir BjÃÂ¶rnsson)

CVE-2024-28882: only call schedule_exit() once (on a given peer). Security scope: an authenticated client can make the server "keep the session" even when the server has been told to disconnect this client. (Reynir BjÃÂ¶rnsson)

Discovery 2024-05-16
Entry 2024-06-20
openvpn

< 2.6.11

CVE-2024-5594
CVE-2024-28882
https://github.com/OpenVPN/openvpn/blob/v2.6.11/Changes.rst#security-fixes