Vulnerabilities > Infradead > Openconnect > 3.14

DATE CVE VULNERABILITY TITLE RISK
2020-04-23 CVE-2020-12105 Improper Handling of Exceptional Conditions vulnerability in multiple products
OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks.
network
high complexity
infradead opensuse CWE-755
5.9
5.9
2020-02-13 CVE-2013-7098 Out-of-bounds Write vulnerability in Infradead Openconnect
OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection.
network
low complexity
infradead CWE-787
critical
 9.8
9.8
2019-09-17 CVE-2019-16239 Classic Buffer Overflow vulnerability in multiple products
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.
network
low complexity
infradead fedoraproject debian canonical opensuse CWE-120
critical
 9.8
9.8