Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvpn openvpn vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-0401
ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55...
NA
CVE-2024-27459
OpenVPN Security fixes: windows: fix a possible stack overflow in the interactive service component which might lead to a local privilege escalation.
NA
CVE-2024-1305
OpenVPN Security fixes: Windows TAP driver: Fix potential integer overflow in !TapSharedSendPacket.
NA
CVE-2024-27903
OpenVPN Security fixes: Windows: disallow loading of plugins from untrusted installation paths, which could be used to attack openvpn.exe via a malicious plugin. Plugins can now only be loaded from the OpenVPN install directory, the Windows system directory, and possibly from a d...
NA
CVE-2024-24974
OpenVPN Security fixes: Windows: disallow access to the interactive service pipe from remote computers.
NA
CVE-2023-6247
The PKCS#7 parser in OpenVPN 3 Core Library versions up to and including 3.8.3 did not properly validate the parsed data, which would result in the application crashing.
NA
CVE-2023-7235
The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an malicious user to replace binaries to run arbitrary executables.
NA
CVE-2023-7245
The nodejs framework in OpenVPN Connect 3.0 up to and including 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRON_RUN_AS_NODE environment variable
7.8
CVSSv3
CVE-2023-7224
OpenVPN Connect version 3.0 up to and including 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable
Openvpn Connect
9.8
CVSSv3
CVE-2023-46454
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.
Gl-inet Gl-ar300m Firmware 4.3.7
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »