Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvpn openvpn vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2017-7520
OpenVPN versions prior to 2.4.3 and prior to 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.
Openvpn Openvpn 2.4.0
Openvpn Openvpn 2.4.1
Openvpn Openvpn 2.4.2
Openvpn Openvpn
1 Article
4.3
CVSSv2
CVE-2017-7521
OpenVPN versions prior to 2.4.3 and prior to 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().
Openvpn Openvpn
Openvpn Openvpn 2.4.0
Openvpn Openvpn 2.4.2
Openvpn Openvpn 2.4.1
1 Article
4
CVSSv2
CVE-2017-7522
OpenVPN versions prior to 2.4.3 and prior to 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.
Openvpn Openvpn 2.4.0
Openvpn Openvpn 2.4.1
Openvpn Openvpn
Openvpn Openvpn 2.4.2
1 Article
4
CVSSv2
CVE-2017-7479
OpenVPN versions prior to 2.3.15 and prior to 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.
Openvpn Openvpn
Openvpn Openvpn 2.4.0
Openvpn Openvpn 2.4.1
9
CVSSv2
CVE-2006-1629
OpenVPN 2.0 up to and including 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.
Openvpn Openvpn 2.0
Openvpn Openvpn Access Server 2.0.3
Openvpn Openvpn 2.0.4
Openvpn Openvpn Access Server 2.0.5
Openvpn Openvpn Access Server 2.0.1
Openvpn Openvpn Access Server 2.0.2
7.5
CVSSv2
CVE-2005-3393
Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option.
Openvpn Openvpn Access Server 2.0.1
Openvpn Openvpn Access Server 2.0.2
Openvpn Openvpn 2.0
Openvpn Openvpn 2.0 Beta11
5.8
CVSSv2
CVE-2021-3547
OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle malicious user to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.
Openvpn Openvpn 3.6
Openvpn Openvpn 3.6.1
NA
CVE-2023-46849
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an malicious user to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
Openvpn Openvpn
Openvpn Openvpn Access Server
Openvpn Openvpn Access Server 2.12.1
Openvpn Openvpn Access Server 2.12.0
Debian Debian Linux 12.0
Fedoraproject Fedora 39
NA
CVE-2023-46850
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
Openvpn Openvpn
Openvpn Openvpn Access Server
Debian Debian Linux 12.0
Fedoraproject Fedora 39
4.4
CVSSv2
CVE-2021-3606
OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe).
Openvpn Openvpn
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »