Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vpn client vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-11810
An issue exists in OpenVPN 2.4.x prior to 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim...
Openvpn Openvpn
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Fedoraproject Fedora 32
10
CVSSv2
CVE-2020-9054
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated malicious user to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve a...
Zyxel Nas326 Firmware
Zyxel Nas520 Firmware
Zyxel Nas540 Firmware
Zyxel Nas542 Firmware
Zyxel Atp100 Firmware
Zyxel Atp200 Firmware
Zyxel Atp500 Firmware
Zyxel Atp800 Firmware
Zyxel Usg20-vpn Firmware
Zyxel Usg20w-vpn Firmware
Zyxel Usg40 Firmware
Zyxel Usg40w Firmware
Zyxel Usg60 Firmware
Zyxel Usg60w Firmware
Zyxel Usg110 Firmware
Zyxel Usg210 Firmware
Zyxel Usg310 Firmware
Zyxel Usg1100 Firmware
Zyxel Usg1900 Firmware
Zyxel Usg2200 Firmware
Zyxel Vpn50 Firmware
Zyxel Vpn100 Firmware
1 Github repository
1 Article
6
CVSSv2
CVE-2011-2054
A vulnerability in the Cisco ASA that could allow a remote malicious user to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerabili...
Cisco Asa 5500 Firmware 8.4\\(1\\)
Cisco Asa 5510 Firmware 8.4\\(1\\)
Cisco Asa 5512-x Firmware 8.4\\(1\\)
Cisco Asa 5515-x Firmware 8.4\\(1\\)
Cisco Asa 5520 Firmware 8.4\\(1\\)
Cisco Asa 5525-x Firmware 8.4\\(1\\)
Cisco Asa 5540 Firmware 8.4\\(1\\)
Cisco Asa 5545-x Firmware 8.4\\(1\\)
Cisco Asa 5550 Firmware 8.4\\(1\\)
Cisco Asa 5555-x Firmware 8.4\\(1\\)
Cisco Asa 5580 Firmware 8.4\\(1\\)
Cisco Asa 5585-x Firmware 8.4\\(1\\)
7.5
CVSSv2
CVE-2013-7098
OpenConnect VPN client with GnuTLS prior to 5.02 contains a heap overflow if MTU is increased on reconnection.
Infradead Openconnect
2.9
CVSSv2
CVE-2019-15126
An issue exists on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the a...
Apple Ipados
Apple Iphone Os
Apple Mac Os X
Broadcom Bcm4389 Firmware -
Broadcom Bcm43012 Firmware -
Broadcom Bcm43013 Firmware -
Broadcom Bcm4375 Firmware -
Broadcom Bcm43752 Firmware -
Broadcom Bcm4356 Firmware -
1 EDB exploit
5 Github repositories
2 Articles
4.6
CVSSv2
CVE-2020-5180
Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. (When a VPN connection is initiated using a...
Sparklabs Viscosity 1.8.2
7.2
CVSSv2
CVE-2019-17387
An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client up to and including 2.2.10 allows an malicious user to gain elevated privileges through arbitrary code execution on Windows, Linux, and macOS.
Aviatrix Vpn Client
7.2
CVSSv2
CVE-2019-17388
Weak file permissions applied to the Aviatrix VPN Client up to and including 2.2.10 installation directory on Windows and Linux allow a local malicious user to execute arbitrary code by gaining elevated privileges through file modifications.
Aviatrix Vpn Client
7.2
CVSSv2
CVE-2019-6145
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar...
Forcepoint Vpn Client
7.5
CVSSv2
CVE-2019-16239
process_http_response in OpenConnect prior to 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.
Infradead Openconnect
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Opensuse Leap 15.0
Opensuse Leap 15.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »