Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

1 – 10 of 18 results

CVE-2024-3661

Medium priority
Vulnerable

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An...

29 affected packages

connman, gadmin-openvpn-client, gadmin-openvpn-server, golang-github-apparentlymart-go-openvpn-mgmt, kvpnc...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
connman Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
gadmin-openvpn-client Not in release Not in release Vulnerable Vulnerable Vulnerable
gadmin-openvpn-server Not in release Not in release Vulnerable Vulnerable Vulnerable
golang-github-apparentlymart-go-openvpn-mgmt Vulnerable Vulnerable Vulnerable
kvpnc Not in release Not in release Not in release Vulnerable Vulnerable
libreswan Vulnerable Vulnerable Vulnerable Vulnerable
mozillavpn Not in release Vulnerable Not in release
n2n Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
network-manager-fortisslvpn Vulnerable Vulnerable Vulnerable Vulnerable
network-manager-iodine Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
network-manager-l2tp Vulnerable Vulnerable Vulnerable Vulnerable
network-manager-openconnect Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
network-manager-openvpn Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
network-manager-pptp Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
network-manager-sstp Vulnerable Vulnerable Not in release
network-manager-strongswan Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
network-manager-vpnc Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
openconnect Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
openfortivpn Vulnerable Vulnerable Vulnerable Vulnerable
openvpn Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
pptp-linux Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
pptpd Not in release Vulnerable Vulnerable Vulnerable Vulnerable
quicktun Vulnerable Vulnerable Vulnerable Vulnerable
riseup-vpn Vulnerable Not in release Not in release
softether-vpn Vulnerable Vulnerable Not in release
sshuttle Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
tinc Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
vpnc Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
wireguard Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show all 29 packages Show less packages

CVE-2023-36673

Medium priority
Vulnerable

An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel,...

31 affected packages

connman, gadmin-openvpn-client, gadmin-openvpn-server, golang-github-apparentlymart-go-openvpn-mgmt, kvpnc...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
connman Not affected Not affected Not affected Not affected Not affected
gadmin-openvpn-client Not in release Not in release Not affected Not affected Not affected
gadmin-openvpn-server Not in release Not in release Not affected Not affected Not affected
golang-github-apparentlymart-go-openvpn-mgmt Not affected Not affected Not affected Not in release Not in release
kvpnc Not in release Not in release Not in release Not affected Not affected
l2tp-ipsec-vpn Not in release Not in release Not in release Not in release Not in release
l2tp-ipsec-vpn-daemon Not in release Not in release Not in release Not in release Not in release
libreswan Not affected Not affected Not affected Not affected Not in release
mozillavpn Not in release Not affected Not in release Not in release Not in release
n2n Not affected Not affected Not affected Not affected Not affected
network-manager-fortisslvpn Not affected Not affected Not affected Not affected Not in release
network-manager-iodine Not affected Not affected Not affected Not affected Not affected
network-manager-l2tp Not affected Not affected Not affected Not affected Not in release
network-manager-openconnect Not affected Not affected Not affected Not affected Not affected
network-manager-openvpn Not affected Not affected Not affected Not affected Not affected
network-manager-pptp Not affected Not affected Not affected Not affected Not affected
network-manager-sstp Not affected Not affected Not in release Not in release Not in release
network-manager-strongswan Not affected Not affected Not affected Not affected Not affected
network-manager-vpnc Not affected Not affected Not affected Not affected Not affected
openconnect Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
openfortivpn Not affected Not affected Not affected Not affected Not in release
openvpn Not affected Not affected Not affected Not affected Not affected
pptp-linux Not affected Not affected Not affected Not affected Not affected
quicktun Not affected Not affected Not affected Not affected Not in release
riseup-vpn Not affected Not in release Not in release Not in release Not in release
softether-vpn Vulnerable Vulnerable Not in release Not in release Not in release
sshuttle Not affected Not affected Not affected Not affected Not affected
tinc Not affected Not affected Not affected Not affected Not affected
vpnc Not affected Not affected Not affected Not affected Not affected
wireguard Not affected Not affected Not affected Not affected Not affected
zentyal-openvpn Not in release Not in release Not in release Not in release Not in release
Show all 31 packages Show less packages

CVE-2023-36672

Medium priority
Vulnerable

An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if...

31 affected packages

connman, gadmin-openvpn-client, gadmin-openvpn-server, golang-github-apparentlymart-go-openvpn-mgmt, kvpnc...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
connman Not affected Not affected Not affected Not affected Not affected
gadmin-openvpn-client Not in release Not in release Not affected Not affected Not affected
gadmin-openvpn-server Not in release Not in release Not affected Not affected Not affected
golang-github-apparentlymart-go-openvpn-mgmt Not affected Not affected Not affected Not in release Not in release
kvpnc Not in release Not in release Not in release Not affected Not affected
l2tp-ipsec-vpn Not in release Not in release Not in release Not in release Not in release
l2tp-ipsec-vpn-daemon Not in release Not in release Not in release Not in release Not in release
libreswan Not affected Not affected Not affected Not affected Not in release
mozillavpn Not in release Not affected Not in release Not in release Not in release
n2n Not affected Not affected Not affected Not affected Not affected
network-manager-fortisslvpn Not affected Not affected Not affected Not affected Not in release
network-manager-iodine Not affected Not affected Not affected Not affected Not affected
network-manager-l2tp Not affected Not affected Not affected Not affected Not in release
network-manager-openconnect Not affected Not affected Not affected Not affected Not affected
network-manager-openvpn Not affected Not affected Not affected Not affected Not affected
network-manager-pptp Not affected Not affected Not affected Not affected Not affected
network-manager-sstp Not affected Not affected Not in release Not in release Not in release
network-manager-strongswan Not affected Not affected Not affected Not affected Not affected
network-manager-vpnc Not affected Not affected Not affected Not affected Not affected
openconnect Not affected Not affected Not affected Vulnerable Vulnerable
openfortivpn Not affected Not affected Not affected Not affected Not in release
openvpn Not affected Not affected Not affected Not affected Not affected
pptp-linux Not affected Not affected Not affected Not affected Not affected
quicktun Not affected Not affected Not affected Not affected Not in release
riseup-vpn Not affected Not in release Not in release Not in release Not in release
softether-vpn Vulnerable Vulnerable Not in release Not in release Not in release
sshuttle Not affected Not affected Not affected Not affected Not affected
tinc Not affected Not affected Not affected Not affected Not affected
vpnc Not affected Not affected Not affected Not affected Not affected
wireguard Ignored Ignored Ignored Ignored Ignored
zentyal-openvpn Not in release Not in release Not in release Not in release Not in release
Show all 31 packages Show less packages

CVE-2023-36671

Medium priority
Vulnerable

An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN...

31 affected packages

connman, gadmin-openvpn-client, gadmin-openvpn-server, golang-github-apparentlymart-go-openvpn-mgmt, kvpnc...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
connman Not affected Not affected Not affected Not affected Not affected
gadmin-openvpn-client Not in release Not in release Not affected Not affected Not affected
gadmin-openvpn-server Not in release Not in release Not affected Not affected Not affected
golang-github-apparentlymart-go-openvpn-mgmt Not affected Not affected Not affected Not in release Not in release
kvpnc Not in release Not in release Not in release Not affected Not affected
l2tp-ipsec-vpn Not in release Not in release Not in release Not in release Not in release
l2tp-ipsec-vpn-daemon Not in release Not in release Not in release Not in release Not in release
libreswan Not affected Not affected Not affected Not affected Not in release
mozillavpn Not in release Not affected Not in release Not in release Not in release
n2n Not affected Not affected Not affected Not affected Not affected
network-manager-fortisslvpn Not affected Not affected Not affected Not affected Not in release
network-manager-iodine Not affected Not affected Not affected Not affected Not affected
network-manager-l2tp Not affected Not affected Not affected Not affected Not in release
network-manager-openconnect Not affected Not affected Not affected Not affected Not affected
network-manager-openvpn Not affected Not affected Not affected Not affected Not affected
network-manager-pptp Not affected Not affected Not affected Not affected Not affected
network-manager-sstp Not affected Not affected Not in release Not in release Not in release
network-manager-strongswan Not affected Not affected Not affected Not affected Not affected
network-manager-vpnc Not affected Not affected Not affected Not affected Not affected
openconnect Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
openfortivpn Not affected Not affected Not affected Not affected Not in release
openvpn Not affected Not affected Not affected Not affected Not affected
pptp-linux Not affected Not affected Not affected Not affected Not affected
quicktun Not affected Not affected Not affected Not affected Not in release
riseup-vpn Not affected Not in release Not in release Not in release Not in release
softether-vpn Vulnerable Vulnerable Not in release Not in release Not in release
sshuttle Not affected Not affected Not affected Not affected Not affected
tinc Not affected Not affected Not affected Not affected Not affected
vpnc Not affected Not affected Not affected Not affected Not affected
wireguard Not affected Not affected Not affected Not affected Not affected
zentyal-openvpn Not in release Not in release Not in release Not in release Not in release
Show all 31 packages Show less packages

CVE-2023-35838

Medium priority
Vulnerable

The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into...

31 affected packages

connman, gadmin-openvpn-client, gadmin-openvpn-server, golang-github-apparentlymart-go-openvpn-mgmt, kvpnc...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
connman Not affected Not affected Not affected Not affected Not affected
gadmin-openvpn-client Not in release Not in release Not affected Not affected Not affected
gadmin-openvpn-server Not in release Not in release Not affected Not affected Not affected
golang-github-apparentlymart-go-openvpn-mgmt Not affected Not affected Not affected Not in release Not in release
kvpnc Not in release Not in release Not in release Not affected Not affected
l2tp-ipsec-vpn Not in release Not in release Not in release Not in release Not in release
l2tp-ipsec-vpn-daemon Not in release Not in release Not in release Not in release Not in release
libreswan Not affected Not affected Not affected Not affected Not in release
mozillavpn Not in release Not affected Not in release Not in release Not in release
n2n Not affected Not affected Not affected Not affected Not affected
network-manager-fortisslvpn Not affected Not affected Not affected Not affected Not in release
network-manager-iodine Not affected Not affected Not affected Not affected Not affected
network-manager-l2tp Not affected Not affected Not affected Not affected Not in release
network-manager-openconnect Not affected Not affected Not affected Not affected Not affected
network-manager-openvpn Not affected Not affected Not affected Not affected Not affected
network-manager-pptp Not affected Not affected Not affected Not affected Not affected
network-manager-sstp Not affected Not affected Not in release Not in release Not in release
network-manager-strongswan Not affected Not affected Not affected Not affected Not affected
network-manager-vpnc Not affected Not affected Not affected Not affected Not affected
openconnect Not affected Not affected Not affected Vulnerable Vulnerable
openfortivpn Not affected Not affected Not affected Not affected Not in release
openvpn Not affected Not affected Not affected Not affected Not affected
pptp-linux Not affected Not affected Not affected Not affected Not affected
quicktun Not affected Not affected Not affected Not affected Not in release
riseup-vpn Not affected Not in release Not in release Not in release Not in release
softether-vpn Vulnerable Vulnerable Not in release Not in release Not in release
sshuttle Not affected Not affected Not affected Not affected Not affected
tinc Not affected Not affected Not affected Not affected Not affected
vpnc Not affected Not affected Not affected Not affected Not affected
wireguard Ignored Ignored Ignored Ignored Ignored
zentyal-openvpn Not in release Not in release Not in release Not in release Not in release
Show all 31 packages Show less packages

CVE-2023-28488

Medium priority

Some fixes available 5 of 6

client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process.

1 affected packages

connman

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
connman Fixed Fixed Fixed Fixed
Show less packages

CVE-2022-32293

Medium priority
Fixed

In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.

1 affected packages

connman

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
connman Fixed Fixed Fixed Fixed
Show less packages

CVE-2022-32292

Medium priority
Fixed

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.

1 affected packages

connman

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
connman Fixed Fixed Fixed Fixed
Show less packages

CVE-2022-23098

Medium priority

Some fixes available 4 of 5

An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.

1 affected packages

connman

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
connman Fixed Fixed Fixed Fixed
Show less packages

CVE-2022-23097

Medium priority

Some fixes available 4 of 5

An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.

1 affected packages

connman

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
connman Fixed Fixed Fixed Fixed
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. Next page
Export to JSON