Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvpn openvpn vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2023-28971
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescaledb feature of Juniper Networks Paragon Active Assurance (PAA) (Formerly Netrounds) allows an malicious user to bypass existing firewall rules and limitations used to restrict inte...
Juniper Paragon Active Assurance
7.1
CVSSv3
CVE-2020-15075
OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.
Openvpn Connect
6.8
CVSSv3
CVE-2008-1447
The DNS protocol, as implemented in (1) BIND 8 and 9 prior to 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote malicious users to spoof DNS traffic via a birthday attack th...
Isc Bind 4
Isc Bind 8
Isc Bind 9.2.9
3 EDB exploits
4 Nmap scripts
1 Github repository
6.5
CVSSv3
CVE-2021-31604
furlongm openvpn-monitor up to and including 1.1.3 allows CSRF to disconnect an arbitrary client.
Openvpn-monitor Project Openvpn-monitor
6.5
CVSSv3
CVE-2017-7522
OpenVPN versions prior to 2.4.3 and prior to 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.
Openvpn Openvpn 2.4.0
Openvpn Openvpn 2.4.1
Openvpn Openvpn
Openvpn Openvpn 2.4.2
1 Article
6.5
CVSSv3
CVE-2017-7479
OpenVPN versions prior to 2.3.15 and prior to 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.
Openvpn Openvpn
Openvpn Openvpn 2.4.0
Openvpn Openvpn 2.4.1
6.1
CVSSv3
CVE-2021-3824
OpenVPN Access Server 2.9.0 up to and including 2.9.4 allow remote malicious users to inject arbitrary web script or HTML via the web login page URL.
Openvpn Openvpn Access Server
6.1
CVSSv3
CVE-2020-13260
A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated malicious user to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-...
Rad Secflow-1v Firmware Os-image Sf 0290 2.3.01.26
1 Github repository
6.1
CVSSv3
CVE-2017-5868
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote malicious users to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PAT...
Openvpn Openvpn Access Server 2.1.4
1 Article
5.9
CVSSv3
CVE-2022-3761
OpenVPN Connect versions prior to 3.4.0.4506 (macOS) and OpenVPN Connect prior to 3.4.0.3100 (Windows) allows man-in-the-middle malicious users to intercept configuration profile download requests which contains the users credentials
Openvpn Connect
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »