Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvpn openvpn vulnerabilities and exploits
(subscribe to this query)
6.9
CVSSv2
CVE-2014-5455
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.
Openvpn Openvpn 2.1.28.0
Privatetunnel Privatetunnel 2.3.8
1 EDB exploit
2 Github repositories
7.5
CVSSv2
CVE-2022-0547
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
Openvpn Openvpn
Fedoraproject Fedora 34
Fedoraproject Fedora 36
Debian Debian Linux 9.0
NA
CVE-2022-3761
OpenVPN Connect versions prior to 3.4.0.4506 (macOS) and OpenVPN Connect prior to 3.4.0.3100 (Windows) allows man-in-the-middle malicious users to intercept configuration profile download requests which contains the users credentials
Openvpn Connect
3.6
CVSSv2
CVE-2020-15075
OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.
Openvpn Connect
7.5
CVSSv2
CVE-2020-7224
The Aviatrix OpenVPN client up to and including 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load.
Aviatrix Openvpn
7.2
CVSSv2
CVE-2020-9442
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.
Openvpn Connect
1 Github repository
5
CVSSv2
CVE-2020-27569
Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and previous versions. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system.
Aviatrix Openvpn
NA
CVE-2023-7224
OpenVPN Connect version 3.0 up to and including 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable
Openvpn Connect
4.4
CVSSv2
CVE-2021-3613
OpenVPN Connect 3.2.0 up to and including 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe)...
Openvpn Connect
7.2
CVSSv2
CVE-2020-15076
Private Tunnel installer for macOS version 3.0.1 and older versions may corrupt system critical files it should not have access via symlinks in /tmp.
Openvpn Private Tunnel
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »