Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvpn openvpn access server vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2022-33738
OpenVPN Access Server prior to 2.11 uses a weak random generator used to create user session token for the web portal
Openvpn Openvpn Access Server
4.3
CVSSv2
CVE-2020-11462
An issue exists in OpenVPN Access Server prior to 2.7.0 and 2.8.x prior to 2.8.3. With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface when sending an XML Entity Expansion (XEE) payload to the XMLRPC based RPC2...
Openvpn Openvpn Access Server
5
CVSSv2
CVE-2021-4234
OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack.
Openvpn Openvpn Access Server
6.8
CVSSv2
CVE-2013-2692
Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server prior to 1.8.5 allows remote malicious users to hijack the authentication of administrators for requests that create administrative users.
Openvpn Openvpn Access Server
6.8
CVSSv2
CVE-2014-9104
Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) disconnecting established VPN...
Openvpn Openvpn Access Server
4.3
CVSSv2
CVE-2017-5868
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote malicious users to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PAT...
Openvpn Openvpn Access Server 2.1.4
1 Article
4
CVSSv2
CVE-2006-2229
OpenVPN 2.0.7 and previous versions, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote malicious users to view sensitive information or cause a denial o...
Openvpn Openvpn 2.0
Openvpn Openvpn Access Server 2.0.1
Openvpn Openvpn 2.0.1 Rc7
Openvpn Openvpn Access Server 2.0.2
Openvpn Openvpn 2.0.2 Rc1
Openvpn Openvpn 2.0 Beta1
Openvpn Openvpn 2.0 Beta10
Openvpn Openvpn 2.0 Beta18
Openvpn Openvpn 2.0 Beta19
Openvpn Openvpn 2.0 Beta6
Openvpn Openvpn 2.0.1 Rc3
Openvpn Openvpn 2.0.1 Rc4
Openvpn Openvpn Access Server 2.0.5
Openvpn Openvpn Access Server 2.0.6
Openvpn Openvpn 2.0 Beta13
Openvpn Openvpn 2.0 Beta15
Openvpn Openvpn 2.0 Beta28
Openvpn Openvpn 2.0.1 Rc1
Openvpn Openvpn 2.0.1 Rc2
Openvpn Openvpn 2.0.3 Rc1
Openvpn Openvpn 2.0.4
Openvpn Openvpn 2.0 Beta11
NA
CVE-2023-46850
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
Openvpn Openvpn
Openvpn Openvpn Access Server
Debian Debian Linux 12.0
Fedoraproject Fedora 39
2.6
CVSSv2
CVE-2013-2061
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and previous versions, when running in UDP mode, allows remote malicious users to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding orac...
Openvpn Openvpn 1.6.0
Openvpn Openvpn 1.5.0
Openvpn Openvpn 1.3.0
Openvpn Openvpn 1.2.1
Openvpn Openvpn 2.1.0
Openvpn Openvpn Access Server 2.0.0
Openvpn Openvpn 1.3.2
Openvpn Openvpn 1.3.1
Openvpn Openvpn 1.4.3
Openvpn Openvpn 1.4.2
Openvpn Openvpn 1.2.0
Openvpn Openvpn
Openvpn Openvpn 2.2.0
Openvpn Openvpn 1.4.1
Openvpn Openvpn 1.4.0
Opensuse Opensuse 11.4
5
CVSSv2
CVE-2005-3409
OpenVPN 2.x prior to 2.0.4, when running in TCP mode, allows remote malicious users to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler.
Openvpn Openvpn 2.0.1 Rc5
Openvpn Openvpn 2.0.1 Rc6
Openvpn Openvpn 2.0.1 Rc7
Openvpn Openvpn 2.0 Beta12
Openvpn Openvpn 2.0 Beta13
Openvpn Openvpn 2.0 Beta20
Openvpn Openvpn 2.0 Beta28
Openvpn Openvpn 2.0 Rc1
Openvpn Openvpn 2.0 Rc10
Openvpn Openvpn 2.0 Rc17
Openvpn Openvpn 2.0 Rc18
Openvpn Openvpn 2.0 Rc5
Openvpn Openvpn 2.0 Rc6
Openvpn Openvpn 2.0 Test14
Openvpn Openvpn 2.0 Test15
Openvpn Openvpn 2.0 Test21
Openvpn Openvpn 2.0 Test22
Openvpn Openvpn 2.0 Test5
Openvpn Openvpn 2.0 Test6
Openvpn Openvpn 2.0.1 Rc1
Openvpn Openvpn 2.0.1 Rc2
Openvpn Openvpn 2.0.3 Rc1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »