Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvpn openvpn access server vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-15078
OpenVPN 2.5.1 and previous versions versions allows a remote malicious users to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Openvpn Openvpn
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 20.10
Canonical Ubuntu Linux 21.04
Debian Debian Linux 9.0
1 Github repository
7.5
CVSSv3
CVE-2020-15074
OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.
Openvpn Openvpn Access Server
7.5
CVSSv3
CVE-2020-11462
An issue exists in OpenVPN Access Server prior to 2.7.0 and 2.8.x prior to 2.8.3. With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface when sending an XML Entity Expansion (XEE) payload to the XMLRPC based RPC2...
Openvpn Openvpn Access Server
9.8
CVSSv3
CVE-2020-8953
OpenVPN Access Server 2.8.x prior to 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).
Openvpn Openvpn Access Server
8.1
CVSSv3
CVE-2018-10066
An issue exists in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the malicious user to gain access to the client's...
Mikrotik Routeros 6.41.4
6.1
CVSSv3
CVE-2017-5868
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote malicious users to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PAT...
Openvpn Openvpn Access Server 2.1.4
1 Article
NA
CVE-2014-8104
OpenVPN 2.x prior to 2.0.11, 2.1.x, 2.2.x prior to 2.2.3, and 2.3.x prior to 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
Mageia Mageia 4.0
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Openvpn Openvpn 2.0 Rc9
Openvpn Openvpn 2.1
Openvpn Openvpn 2.0 Test19
Openvpn Openvpn 2.0 Test17
Openvpn Openvpn 2.0 Test28
Openvpn Openvpn 2.0 Test10
Openvpn Openvpn 2.2
Openvpn Openvpn 2.0 Test23
Openvpn Openvpn 2.2.2
Openvpn Openvpn 2.3
Openvpn Openvpn 2.0.1 Rc3
Openvpn Openvpn 2.0 Rc19
Openvpn Openvpn 2.2.1
Openvpn Openvpn 2.0.4
Openvpn Openvpn 2.0 Rc21
Openvpn Openvpn 2.3.4
1 Article
NA
CVE-2014-9104
Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) disconnecting established VPN...
Openvpn Openvpn Access Server
NA
CVE-2013-2692
Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server prior to 1.8.5 allows remote malicious users to hijack the authentication of administrators for requests that create administrative users.
Openvpn Openvpn Access Server
NA
CVE-2013-2061
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and previous versions, when running in UDP mode, allows remote malicious users to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding orac...
Openvpn Openvpn 1.5.0
Openvpn Openvpn 1.4.0
Openvpn Openvpn 1.3.0
Openvpn Openvpn 1.6.0
Openvpn Openvpn 1.3.1
Openvpn Openvpn 1.4.1
Openvpn Openvpn 1.2.1
Openvpn Openvpn 1.3.2
Openvpn Openvpn 2.1.0
Openvpn Openvpn 1.2.0
Openvpn Openvpn 1.4.3
Openvpn Openvpn 2.2.0
Openvpn Openvpn
Openvpn Openvpn 1.4.2
Openvpn Openvpn Access Server 2.0.0
Opensuse Opensuse 11.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »