Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvpn openvpn vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-15590
A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 up to and including 2.3+ allows remote malicious users to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a &ld...
Privateinternetaccess Private Internet Access Vpn Client
7.5
CVSSv3
CVE-2020-15074
OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.
Openvpn Openvpn Access Server
7.5
CVSSv3
CVE-2020-11462
An issue exists in OpenVPN Access Server prior to 2.7.0 and 2.8.x prior to 2.8.3. With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface when sending an XML Entity Expansion (XEE) payload to the XMLRPC based RPC2...
Openvpn Openvpn Access Server
7.5
CVSSv3
CVE-2019-6628
On BIG-IP PEM 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, under certain conditions, the TMM process may terminate and restart while processing BIG-IP PEM traffic with the OpenVPN classifier.
F5 Big-ip Policy Enforcement Manager
7.5
CVSSv3
CVE-2017-7508
OpenVPN versions prior to 2.4.3 and prior to 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.
Openvpn Openvpn
Openvpn Openvpn 2.4.1
Openvpn Openvpn 2.4.2
Openvpn Openvpn 2.4.0
1 Article
7.5
CVSSv3
CVE-2017-7478
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
Openvpn Openvpn 2.3.12
Openvpn Openvpn 2.3.14
Openvpn Openvpn 2.4.0
Openvpn Openvpn 2.3.13
Openvpn Openvpn 2.4.1
1 EDB exploit
1 Article
7.5
CVSSv3
CVE-2008-0166
OpenSSL 0.9.8c-1 up to versions prior to 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote malicious users to conduct brute force guessing attacks against cryptographic keys.
Openssl Openssl
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Debian Debian Linux 4.0
3 EDB exploits
25 Github repositories
7.4
CVSSv3
CVE-2021-3547
OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle malicious user to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.
Openvpn Openvpn 3.6
Openvpn Openvpn 3.6.1
7.4
CVSSv3
CVE-2017-7520
OpenVPN versions prior to 2.4.3 and prior to 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.
Openvpn Openvpn 2.4.0
Openvpn Openvpn 2.4.1
Openvpn Openvpn 2.4.2
Openvpn Openvpn
1 Article
7.2
CVSSv3
CVE-2023-36609
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.
Ovarro Tbox Ms-cpu32 Firmware
Ovarro Tbox Ms-cpu32-s2 Firmware
Ovarro Tbox Lt2 Firmware
Ovarro Tbox Tg2 Firmware
Ovarro Tbox Rm2 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »