Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvpn openvpn vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-20145
Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make confi...
Gryphonconnect Gryphon Tower Firmware
5
CVSSv2
CVE-2021-31606
furlongm openvpn-monitor up to and including 1.1.3 allows Authorization Bypass to disconnect arbitrary clients.
Openvpn-monitor Project Openvpn-monitor
5
CVSSv2
CVE-2020-36382
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote malicious users to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service.
Openvpn Openvpn Access Server
5
CVSSv2
CVE-2020-15078
OpenVPN 2.5.1 and previous versions versions allows a remote malicious users to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Openvpn Openvpn
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 20.10
Canonical Ubuntu Linux 21.04
Debian Debian Linux 9.0
1 Github repository
5
CVSSv2
CVE-2020-27569
Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and previous versions. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system.
Aviatrix Openvpn
5
CVSSv2
CVE-2020-15590
A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 up to and including 2.3+ allows remote malicious users to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a &ld...
Privateinternetaccess Private Internet Access Vpn Client
5
CVSSv2
CVE-2020-15074
OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.
Openvpn Openvpn Access Server
5
CVSSv2
CVE-2019-14929
An issue exists on Mitsubishi Electric ME-RTU devices up to and including 2.02 and INEA ME-RTU devices up to and including 3.0. Stored cleartext passwords could allow an unauthenticated malicious user to obtain configured username and password combinations on the RTU due to the w...
Mitsubishielectric Smartrtu Firmware
Inea Me-rtu Firmware
5
CVSSv2
CVE-2019-6628
On BIG-IP PEM 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, under certain conditions, the TMM process may terminate and restart while processing BIG-IP PEM traffic with the OpenVPN classifier.
F5 Big-ip Policy Enforcement Manager
5
CVSSv2
CVE-2017-7508
OpenVPN versions prior to 2.4.3 and prior to 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.
Openvpn Openvpn
Openvpn Openvpn 2.4.1
Openvpn Openvpn 2.4.2
Openvpn Openvpn 2.4.0
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »