Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvpn openvpn vulnerabilities and exploits
(subscribe to this query)
570
VMScore
CVE-2018-7544
A cross-protocol scripting issue exists in the management interface in OpenVPN up to and including 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, ob...
Openvpn Openvpn
NA
CVE-2020-20813
Control Channel in OpenVPN 2.4.7 and previous versions allows remote malicious users to cause a denial of service via crafted reset packet.
Openvpn Openvpn
388
VMScore
CVE-2016-6329
OpenVPN, when using a 64-bit block cipher, makes it easier for remote malicious users to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" at...
Openvpn Openvpn
676
VMScore
CVE-2008-3459
Unspecified vulnerability in OpenVPN 2.1-beta14 up to and including 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters.
Openvpn Openvpn 2.1
312
VMScore
CVE-2020-15077
OpenVPN Access Server 2.8.7 and previous versions versions allows a remote malicious users to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Openvpn Openvpn Access Server
445
VMScore
CVE-2022-33737
The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and prior to 2.11.0 may contain a random generated admin password
Openvpn Openvpn Access Server
668
VMScore
CVE-2020-8953
OpenVPN Access Server 2.8.x prior to 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).
Openvpn Openvpn Access Server
383
VMScore
CVE-2021-3824
OpenVPN Access Server 2.9.0 up to and including 2.9.4 allow remote malicious users to inject arbitrary web script or HTML via the web login page URL.
Openvpn Openvpn Access Server
445
VMScore
CVE-2020-36382
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote malicious users to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service.
Openvpn Openvpn Access Server
445
VMScore
CVE-2020-15074
OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.
Openvpn Openvpn Access Server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »