Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvpn vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2021-3606
OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe).
Openvpn Openvpn
9.1
CVSSv3
CVE-2018-7544
A cross-protocol scripting issue exists in the management interface in OpenVPN up to and including 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, ob...
Openvpn Openvpn
5.9
CVSSv3
CVE-2016-6329
OpenVPN, when using a 64-bit block cipher, makes it easier for remote malicious users to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" at...
Openvpn Openvpn
NA
CVE-2008-3459
Unspecified vulnerability in OpenVPN 2.1-beta14 up to and including 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters.
Openvpn Openvpn 2.1
NA
CVE-2014-9104
Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) disconnecting established VPN...
Openvpn Openvpn Access Server
9.8
CVSSv3
CVE-2020-8953
OpenVPN Access Server 2.8.x prior to 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).
Openvpn Openvpn Access Server
7.5
CVSSv3
CVE-2020-11462
An issue exists in OpenVPN Access Server prior to 2.7.0 and 2.8.x prior to 2.8.3. With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface when sending an XML Entity Expansion (XEE) payload to the XMLRPC based RPC2...
Openvpn Openvpn Access Server
7.5
CVSSv3
CVE-2020-36382
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote malicious users to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service.
Openvpn Openvpn Access Server
7.5
CVSSv3
CVE-2020-15074
OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.
Openvpn Openvpn Access Server
7.5
CVSSv3
CVE-2021-4234
OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack.
Openvpn Openvpn Access Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
CVE-2023-52162
CVE-2024-23670
CVE-2024-5404
man-in-the-middle
CVE-2024-5214
CVE-2024-4358
CVE-2024-20696
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »