Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvpn vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-33621
GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing malicious users to bypass authentication via sessi...
Gl-inet Gl-ar750s Firmware 3.215
NA
CVE-2023-32348
Teltonika’s Remote Management System versions before 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connec...
Teltonika Remote Management System
NA
CVE-2023-28971
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescaledb feature of Juniper Networks Paragon Active Assurance (PAA) (Formerly Netrounds) allows an malicious user to bypass existing firewall rules and limitations used to restrict inte...
Juniper Paragon Active Assurance
NA
CVE-2023-24181
LuCI openwrt-22.03 branch git-22.361.69894-438c598 exists to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm.
Openwrt Luci 22.03.3
NA
CVE-2021-27406
An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This ...
Perfact Openvpn-client
9.3
CVSSv2
CVE-2022-34821
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.2), SCALANCE M804PB (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.2), SCALANCE M812-1 ADSL-Route...
Siemens Simatic Cp 1242-7 V2 Firmware
Siemens Simatic Cp 1243-1 Firmware
Siemens Simatic Cp 1243-7 Lte Eu Firmware
Siemens Simatic Cp 1243-7 Lte Us Firmware
Siemens Simatic Cp 1243-8 Irc Firmware
Siemens Simatic Cp 1542sp-1 Irc Firmware
Siemens Simatic Cp 1543-1 Firmware
Siemens Simatic Cp 1543sp-1 Firmware
Siemens Siplus Et 200sp Cp 1542sp-1 Irc Tx Rail Firmware
Siemens Siplus Et 200sp Cp 1543sp-1 Isec Firmware
Siemens Siplus Et 200sp Cp 1543sp-1 Isec Tx Rail Firmware
Siemens Siplus Net Cp 1242-7 V2 Firmware
Siemens Siplus Net Cp 1543-1 Firmware
Siemens Siplus S7-1200 Cp 1243-1 Firmware
Siemens Siplus S7-1200 Cp 1243-1 Rail Firmware
5
CVSSv2
CVE-2021-4234
OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack.
Openvpn Openvpn Access Server
5
CVSSv2
CVE-2022-33737
The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and prior to 2.11.0 may contain a random generated admin password
Openvpn Openvpn Access Server
5
CVSSv2
CVE-2022-33738
OpenVPN Access Server prior to 2.11 uses a weak random generator used to create user session token for the web portal
Openvpn Openvpn Access Server
4.3
CVSSv2
CVE-2022-25166
An issue exists in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters (such as auth-user-pass). When this file is imported and the client attempts to validate the file path, it performs an...
Amazon Aws Client Vpn 2.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »