Vulmon
openvpn vulnerabilities and exploits
5.3
CVSSv3
CVE-2020-15077
OpenVPN Access Server 2.8.7 and previous versions allow remote malicious users to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Openvpn Openvpn Access Server
7.5
CVSSv3
CVE-2022-33737
The OpenVPN Access Server installer creates a log file readable by everyone, which from version 2.10.0 and prior to 2.11.0 may contain a randomly generated admin password.
Openvpn Openvpn Access Server
7.5
CVSSv3
CVE-2022-33738
OpenVPN Access Server prior to 2.11 uses a weak random generator to create user session tokens for the web portal.
Openvpn Openvpn Access Server
NA
CVE-2013-2692
Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server prior to 1.8.5 allows remote malicious users to hijack the authentication of administrators for requests that create administrative users.
Openvpn Openvpn Access Server
7.5
CVSSv3
CVE-2021-4234
OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in response to a reset packet sent from the client, to which the client again does not respond, resulting in a limited amplification attack.
Openvpn Openvpn Access Server
6.5
CVSSv3
CVE-2021-31604
furlongm openvpn-monitor up to and including 1.1.3 allows CSRF to disconnect an arbitrary client.
Openvpn-monitor Project Openvpn-monitor
7.5
CVSSv3
CVE-2021-31605
furlongm openvpn-monitor up to and including 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM.
Openvpn-monitor Project Openvpn-monitor
1 Github repository
6.1
CVSSv3
CVE-2017-5868
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote malicious users to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PAT...
Openvpn Openvpn Access Server 2.1.4
1 Article
7.5
CVSSv3
CVE-2021-31606
furlongm openvpn-monitor up to and including 1.1.3 allows Authorization Bypass to disconnect arbitrary clients.
Openvpn-monitor Project Openvpn-monitor
NA
CVE-2014-5455
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.
Openvpn Openvpn 2.1.28.0
Privatetunnel Privatetunnel 2.3.8
1 EDB exploit
2 Github repositories