Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvpn connect vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2021-3613
OpenVPN Connect 3.2.0 up to and including 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe)...
Openvpn Connect
5.9
CVSSv3
CVE-2022-3761
OpenVPN Connect versions prior to 3.4.0.4506 (macOS) and OpenVPN Connect prior to 3.4.0.3100 (Windows) allows man-in-the-middle malicious users to intercept configuration profile download requests which contains the users credentials
Openvpn Connect
7.8
CVSSv3
CVE-2020-9442
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.
Openvpn Connect
1 Github repository
7.1
CVSSv3
CVE-2020-15075
OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.
Openvpn Connect
7.8
CVSSv3
CVE-2023-7224
OpenVPN Connect version 3.0 up to and including 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable
Openvpn Connect
7.4
CVSSv3
CVE-2017-7520
OpenVPN versions prior to 2.4.3 and prior to 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.
Openvpn Openvpn
Openvpn Openvpn 2.4.0
Openvpn Openvpn 2.4.2
Openvpn Openvpn 2.4.1
1 Article
NA
CVE-2014-9104
Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) disconnecting established VPN...
Openvpn Openvpn Access Server
NA
CVE-2014-5455
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.
Privatetunnel Privatetunnel 2.3.8
Openvpn Openvpn 2.1.28.0
1 EDB exploit
2 Github repositories
NA
CVE-2023-7245
The nodejs framework in OpenVPN Connect 3.0 up to and including 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRON_RUN_AS_NODE environment variable
8.8
CVSSv3
CVE-2018-9105
NordVPN 3.3.10 for macOS suffers from a root privilege escalation vulnerability. The vulnerability stems from its privileged helper tool's implemented XPC service. This XPC service is responsible for receiving and processing new OpenVPN connection requests from the main appl...
Nordvpn Nordvpn 3.3.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
client side
CVE-2021-47601
deserialization
CVE-2024-34994
encryption
CVE-2021-47609
CVE-2024-37079
CVE-2024-38608
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »