Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvpn openvpn access server vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2020-36382
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote malicious users to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service.
Openvpn Openvpn Access Server
445
VMScore
CVE-2020-15078
OpenVPN 2.5.1 and previous versions versions allows a remote malicious users to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Openvpn Openvpn
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 20.10
Canonical Ubuntu Linux 21.04
Debian Debian Linux 9.0
1 Github repository
445
VMScore
CVE-2020-15074
OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.
Openvpn Openvpn Access Server
445
VMScore
CVE-2005-3409
OpenVPN 2.x prior to 2.0.4, when running in TCP mode, allows remote malicious users to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler.
Openvpn Openvpn 2.0.1 Rc5
Openvpn Openvpn 2.0.1 Rc6
Openvpn Openvpn 2.0.1 Rc7
Openvpn Openvpn 2.0 Beta12
Openvpn Openvpn 2.0 Beta13
Openvpn Openvpn 2.0 Beta20
Openvpn Openvpn 2.0 Beta28
Openvpn Openvpn 2.0 Rc1
Openvpn Openvpn 2.0 Rc10
Openvpn Openvpn 2.0 Rc17
Openvpn Openvpn 2.0 Rc18
Openvpn Openvpn 2.0 Rc5
Openvpn Openvpn 2.0 Rc6
Openvpn Openvpn 2.0 Test14
Openvpn Openvpn 2.0 Test15
Openvpn Openvpn 2.0 Test21
Openvpn Openvpn 2.0 Test22
Openvpn Openvpn 2.0 Test5
Openvpn Openvpn 2.0 Test6
Openvpn Openvpn 2.0.1 Rc1
Openvpn Openvpn 2.0.1 Rc2
Openvpn Openvpn 2.0.3 Rc1
383
VMScore
CVE-2021-3824
OpenVPN Access Server 2.9.0 up to and including 2.9.4 allow remote malicious users to inject arbitrary web script or HTML via the web login page URL.
Openvpn Openvpn Access Server
383
VMScore
CVE-2020-11462
An issue exists in OpenVPN Access Server prior to 2.7.0 and 2.8.x prior to 2.8.3. With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface when sending an XML Entity Expansion (XEE) payload to the XMLRPC based RPC2...
Openvpn Openvpn Access Server
383
VMScore
CVE-2017-5868
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote malicious users to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PAT...
Openvpn Openvpn Access Server 2.1.4
1 Article
356
VMScore
CVE-2006-2229
OpenVPN 2.0.7 and previous versions, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote malicious users to view sensitive information or cause a denial o...
Openvpn Openvpn 2.0
Openvpn Openvpn Access Server 2.0.1
Openvpn Openvpn 2.0.1 Rc7
Openvpn Openvpn Access Server 2.0.2
Openvpn Openvpn 2.0.2 Rc1
Openvpn Openvpn 2.0 Beta1
Openvpn Openvpn 2.0 Beta10
Openvpn Openvpn 2.0 Beta18
Openvpn Openvpn 2.0 Beta19
Openvpn Openvpn 2.0 Beta6
Openvpn Openvpn 2.0.1 Rc3
Openvpn Openvpn 2.0.1 Rc4
Openvpn Openvpn Access Server 2.0.5
Openvpn Openvpn Access Server 2.0.6
Openvpn Openvpn 2.0 Beta13
Openvpn Openvpn 2.0 Beta15
Openvpn Openvpn 2.0 Beta28
Openvpn Openvpn 2.0.1 Rc1
Openvpn Openvpn 2.0.1 Rc2
Openvpn Openvpn 2.0.3 Rc1
Openvpn Openvpn 2.0.4
Openvpn Openvpn 2.0 Beta11
312
VMScore
CVE-2020-15077
OpenVPN Access Server 2.8.7 and previous versions versions allows a remote malicious users to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Openvpn Openvpn Access Server
231
VMScore
CVE-2013-2061
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and previous versions, when running in UDP mode, allows remote malicious users to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding orac...
Openvpn Openvpn 1.6.0
Openvpn Openvpn 1.5.0
Openvpn Openvpn 1.3.0
Openvpn Openvpn 1.2.1
Openvpn Openvpn 2.1.0
Openvpn Openvpn Access Server 2.0.0
Openvpn Openvpn 1.3.2
Openvpn Openvpn 1.3.1
Openvpn Openvpn 1.4.3
Openvpn Openvpn 1.4.2
Openvpn Openvpn 1.2.0
Openvpn Openvpn
Openvpn Openvpn 2.2.0
Openvpn Openvpn 1.4.1
Openvpn Openvpn 1.4.0
Opensuse Opensuse 11.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »