Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvpn openvpn access server vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-11462
An issue exists in OpenVPN Access Server prior to 2.7.0 and 2.8.x prior to 2.8.3. With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface when sending an XML Entity Expansion (XEE) payload to the XMLRPC based RPC2...
Openvpn Openvpn Access Server
6.1
CVSSv3
CVE-2021-3824
OpenVPN Access Server 2.9.0 up to and including 2.9.4 allow remote malicious users to inject arbitrary web script or HTML via the web login page URL.
Openvpn Openvpn Access Server
6.1
CVSSv3
CVE-2017-5868
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote malicious users to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PAT...
Openvpn Openvpn Access Server 2.1.4
1 Article
5.9
CVSSv3
CVE-2023-33621
GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing malicious users to bypass authentication via sessi...
Gl-inet Gl-ar750s Firmware 3.215
5.8
CVSSv3
CVE-2023-32348
Teltonika’s Remote Management System versions before 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connec...
Teltonika Remote Management System
5.3
CVSSv3
CVE-2020-15077
OpenVPN Access Server 2.8.7 and previous versions versions allows a remote malicious users to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Openvpn Openvpn Access Server
NA
CVE-2014-8104
OpenVPN 2.x prior to 2.0.11, 2.1.x, 2.2.x prior to 2.2.3, and 2.3.x prior to 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
Mageia Mageia 4.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Opensuse Opensuse 12.3
Openvpn Openvpn 2.0 Test1
Openvpn Openvpn 2.0 Test11
Openvpn Openvpn 2.0 Test19
Openvpn Openvpn 2.0 Test20
Openvpn Openvpn 2.0 Test27
Openvpn Openvpn 2.0 Test29
Openvpn Openvpn 2.0 Test7
Openvpn Openvpn 2.0 Test9
Openvpn Openvpn 2.0 Rc15
Openvpn Openvpn 2.0 Rc17
Openvpn Openvpn 2.0 Rc4
Openvpn Openvpn 2.0 Rc6
Openvpn Openvpn 2.0.1 Rc1
Openvpn Openvpn 2.0.1 Rc3
Openvpn Openvpn 2.0.1 Rc5
Openvpn Openvpn Access Server 2.0.3
1 Article
NA
CVE-2014-9104
Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) disconnecting established VPN...
Openvpn Openvpn Access Server
NA
CVE-2013-2692
Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server prior to 1.8.5 allows remote malicious users to hijack the authentication of administrators for requests that create administrative users.
Openvpn Openvpn Access Server
NA
CVE-2013-2061
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and previous versions, when running in UDP mode, allows remote malicious users to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding orac...
Openvpn Openvpn 1.6.0
Openvpn Openvpn 1.5.0
Openvpn Openvpn 1.3.0
Openvpn Openvpn 1.2.1
Openvpn Openvpn 2.1.0
Openvpn Openvpn Access Server 2.0.0
Openvpn Openvpn 1.3.2
Openvpn Openvpn 1.3.1
Openvpn Openvpn 1.4.3
Openvpn Openvpn 1.4.2
Openvpn Openvpn 1.2.0
Openvpn Openvpn
Openvpn Openvpn 2.2.0
Openvpn Openvpn 1.4.1
Openvpn Openvpn 1.4.0
Opensuse Opensuse 11.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »