Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvpn openvpn vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2018-10646
CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "CG6Service" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The &...
Cyberghostvpn Cyberghost 6.5.0.3180
7.2
CVSSv2
CVE-2018-10645
Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. The "SetPrope...
Goldenfrog Vyprvpn 2.12.1.8015
7.2
CVSSv2
CVE-2018-10647
SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "SaferVPN.Service" service. The "SaferVPN.Service" service executes "openvpn.exe" using OpenVPN config files located within the current user's %LOCALAPPDA...
Safervpn Safervpn 4.2.5
6.9
CVSSv2
CVE-2014-5455
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.
Openvpn Openvpn 2.1.28.0
Privatetunnel Privatetunnel 2.3.8
1 EDB exploit
2 Github repositories
6.9
CVSSv2
CVE-2012-3486
Tunnelblick 3.3beta20 and previous versions allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event.
Google Tunnelblick
6.8
CVSSv2
CVE-2020-27648
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-2 allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Synology Diskstation Manager
Synology Skynas Firmware
6.8
CVSSv2
CVE-2020-27649
Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) prior to 1.2.4-8081 allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Synology Router Manager
6.8
CVSSv2
CVE-2018-10066
An issue exists in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the malicious user to gain access to the client's...
Mikrotik Routeros 6.41.4
6.8
CVSSv2
CVE-2017-17809
In Golden Frog VyprVPN prior to 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows malicious users to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse th...
Goldenfrog Vyprvpn
6.8
CVSSv2
CVE-2017-12166
OpenVPN versions prior to 2.3.3 and 2.4.x prior to 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.
Openvpn Openvpn
Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »