Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Openfortivpn Project Subscribe
Filtered by product Openfortivpn
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-7042 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more 5 Fedora, Openfortivpn, Openssl and 2 more 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted).
CVE-2020-7041 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more 5 Fedora, Openfortivpn, Openssl and 2 more 2020-10-09 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value.
CVE-2020-7043 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more 5 Fedora, Openfortivpn, Openssl and 2 more 2020-10-09 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack.