Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvpn openvpn vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-7224
The Aviatrix OpenVPN client up to and including 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load.
Aviatrix Openvpn
9
CVSSv2
CVE-2020-5739
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. When the VPN's conn...
Grandstream Gxp1610 Firmware
Grandstream Gxp1615 Firmware
Grandstream Gxp1620 Firmware
Grandstream Gxp1625 Firmware
Grandstream Gxp1628 Firmware
Grandstream Gxp1630 Firmware
7.2
CVSSv2
CVE-2020-9442
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.
Openvpn Connect
1 Github repository
7.5
CVSSv2
CVE-2020-8953
OpenVPN Access Server 2.8.x prior to 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).
Openvpn Openvpn Access Server
4.6
CVSSv2
CVE-2020-5180
Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. (When a VPN connection is initiated using a...
Sparklabs Viscosity 1.8.2
5
CVSSv2
CVE-2019-14929
An issue exists on Mitsubishi Electric ME-RTU devices up to and including 2.02 and INEA ME-RTU devices up to and including 3.0. Stored cleartext passwords could allow an unauthenticated malicious user to obtain configured username and password combinations on the RTU due to the w...
Mitsubishielectric Smartrtu Firmware
Inea Me-rtu Firmware
9
CVSSv2
CVE-2019-14657
Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replac...
Yeahlink Vp59 Firmware
Yeahlink T49g Firmware
Yeahlink T58v Firmware
7.2
CVSSv2
CVE-2019-12578
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux could allow an authenticated, local malicious user to run arbitrary code with elevated privileges. The openvpn_launcher.64 binary is setuid root. This binary executes /opt/pia/openvpn...
Londontrustmedia Private Internet Access Vpn Client 82
5
CVSSv2
CVE-2019-6628
On BIG-IP PEM 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, under certain conditions, the TMM process may terminate and restart while processing BIG-IP PEM traffic with the OpenVPN classifier.
F5 Big-ip Policy Enforcement Manager
7.2
CVSSv2
CVE-2018-11479
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process...
Windscribe Windscribe 1.81
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »