Every CVE whose affected-product data names Infradead Openconnect, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2013-7098 — CVSS 9.8 (critical): OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection.
CVE-2019-16239 — CVSS 9.8 (critical): process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted…
CVE-2020-12823 — CVSS 9.8 (critical): OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted…
CVE-2012-3291 — CVSS 7.8 (high): Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a denial of service via a crafted greeting banner.
CVE-2010-3901 — CVSS 6.4 (medium): OpenConnect before 2.25 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary…
CVE-2020-12105 — CVSS 5.9 (medium): OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing…
CVE-2012-6128 — CVSS 5.0 (medium): Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service…
CVE-2010-3902 — CVSS 5.0 (medium): OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive…
CVE-2010-3903 — CVSS 5.0 (medium): Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service (application…
CVE-2009-5009 — CVSS 5.0 (medium): Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service…