openvpn (SUSE:Linux Enterprise Module for Basesystem 15 SP6) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Basesystem 15 SP6 package openvpn, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2024-5594 — CVSS 9.1 (critical): OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected…
CVE-2025-2704 — CVSS 7.5 (high): OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting…
CVE-2024-28882 — CVSS 4.3 (medium): OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the…