Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvpn openvpn access server vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2022-33737
The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and prior to 2.11.0 may contain a random generated admin password
Openvpn Openvpn Access Server
445
VMScore
CVE-2022-33738
OpenVPN Access Server prior to 2.11 uses a weak random generator used to create user session token for the web portal
Openvpn Openvpn Access Server
605
VMScore
CVE-2013-2692
Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server prior to 1.8.5 allows remote malicious users to hijack the authentication of administrators for requests that create administrative users.
Openvpn Openvpn Access Server
668
VMScore
CVE-2020-8953
OpenVPN Access Server 2.8.x prior to 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).
Openvpn Openvpn Access Server
445
VMScore
CVE-2021-4234
OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack.
Openvpn Openvpn Access Server
383
VMScore
CVE-2017-5868
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote malicious users to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PAT...
Openvpn Openvpn Access Server 2.1.4
1 Article
356
VMScore
CVE-2006-2229
OpenVPN 2.0.7 and previous versions, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote malicious users to view sensitive information or cause a denial o...
Openvpn Openvpn 2.0
Openvpn Openvpn Access Server 2.0.1
Openvpn Openvpn 2.0.1 Rc7
Openvpn Openvpn Access Server 2.0.2
Openvpn Openvpn 2.0.2 Rc1
Openvpn Openvpn 2.0 Beta1
Openvpn Openvpn 2.0 Beta10
Openvpn Openvpn 2.0 Beta18
Openvpn Openvpn 2.0 Beta19
Openvpn Openvpn 2.0 Beta6
Openvpn Openvpn 2.0.1 Rc3
Openvpn Openvpn 2.0.1 Rc4
Openvpn Openvpn Access Server 2.0.5
Openvpn Openvpn Access Server 2.0.6
Openvpn Openvpn 2.0 Beta13
Openvpn Openvpn 2.0 Beta15
Openvpn Openvpn 2.0 Beta28
Openvpn Openvpn 2.0.1 Rc1
Openvpn Openvpn 2.0.1 Rc2
Openvpn Openvpn 2.0.3 Rc1
Openvpn Openvpn 2.0.4
Openvpn Openvpn 2.0 Beta11
NA
CVE-2023-46850
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
Openvpn Openvpn
Openvpn Openvpn Access Server
Debian Debian Linux 12.0
Fedoraproject Fedora 39
231
VMScore
CVE-2013-2061
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and previous versions, when running in UDP mode, allows remote malicious users to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding orac...
Openvpn Openvpn 1.6.0
Openvpn Openvpn 1.5.0
Openvpn Openvpn 1.3.0
Openvpn Openvpn 1.2.1
Openvpn Openvpn 2.1.0
Openvpn Openvpn Access Server 2.0.0
Openvpn Openvpn 1.3.2
Openvpn Openvpn 1.3.1
Openvpn Openvpn 1.4.3
Openvpn Openvpn 1.4.2
Openvpn Openvpn 1.2.0
Openvpn Openvpn
Openvpn Openvpn 2.2.0
Openvpn Openvpn 1.4.1
Openvpn Openvpn 1.4.0
Opensuse Opensuse 11.4
445
VMScore
CVE-2005-3409
OpenVPN 2.x prior to 2.0.4, when running in TCP mode, allows remote malicious users to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler.
Openvpn Openvpn 2.0.1 Rc5
Openvpn Openvpn 2.0.1 Rc6
Openvpn Openvpn 2.0.1 Rc7
Openvpn Openvpn 2.0 Beta12
Openvpn Openvpn 2.0 Beta13
Openvpn Openvpn 2.0 Beta20
Openvpn Openvpn 2.0 Beta28
Openvpn Openvpn 2.0 Rc1
Openvpn Openvpn 2.0 Rc10
Openvpn Openvpn 2.0 Rc17
Openvpn Openvpn 2.0 Rc18
Openvpn Openvpn 2.0 Rc5
Openvpn Openvpn 2.0 Rc6
Openvpn Openvpn 2.0 Test14
Openvpn Openvpn 2.0 Test15
Openvpn Openvpn 2.0 Test21
Openvpn Openvpn 2.0 Test22
Openvpn Openvpn 2.0 Test5
Openvpn Openvpn 2.0 Test6
Openvpn Openvpn 2.0.1 Rc1
Openvpn Openvpn 2.0.1 Rc2
Openvpn Openvpn 2.0.3 Rc1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »