openvpn vulnerabilities and exploits
NA
CVE-2023-46455
In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality.
Gl-inet Gl-ar300m Firmware 4.3.7
1 Github repository
NA
CVE-2023-46849
Using the --fragment option in certain configuration setups, OpenVPN version 2.6.0 to 2.6.6 allows a malicious user to trigger a divide-by-zero behaviour which could cause an application crash, leading to a denial of service.
Openvpn Openvpn
Openvpn Openvpn Access Server
Openvpn Openvpn Access Server 2.12.1
Openvpn Openvpn Access Server 2.12.0
Debian Debian Linux 12.0
Fedoraproject Fedora 39
NA
CVE-2023-46850
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavior, leaking memory buffers or remote execution when sending network buffers to a remote peer.
Openvpn Openvpn
Openvpn Openvpn Access Server
Debian Debian Linux 12.0
Fedoraproject Fedora 39
NA
CVE-2023-47101
The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client prior to 2.0.40 allows local privilege escalation during installation or repair.
Securepoint Openvpn-client
NA
CVE-2022-3761
OpenVPN Connect versions prior to 3.4.0.4506 (macOS) and OpenVPN Connect prior to 3.4.0.3100 (Windows) allow man-in-the-middle malicious users to intercept configuration profile download requests which contain the user's credentials.
Openvpn Connect
NA
CVE-2023-41349
ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in ...
Asus Rt-ax88u Firmware
NA
CVE-2020-20813
Control Channel in OpenVPN 2.4.7 and previous versions allows remote malicious users to cause a denial of service via a crafted reset packet.
Openvpn Openvpn
NA
CVE-2022-46782
An issue exists in Stormshield SSL VPN Client prior to 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine.
Stormshield Ssl Vpn Client
NA
CVE-2022-39986
A command injection vulnerability in RaspAP 2.8.0 through 2.8.7 allows unauthenticated malicious users to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.
Raspap Raspap
1 Github repository
NA
CVE-2023-36609
The affected TBox RTUs run OpenVPN with root privileges and can run user-defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.
Ovarro Tbox Ms-cpu32 Firmware
Ovarro Tbox Ms-cpu32-s2 Firmware
Ovarro Tbox Lt2 Firmware
Ovarro Tbox Tg2 Firmware
Ovarro Tbox Rm2 Firmware