Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvpn vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2021-35523
Securepoint SSL VPN Client v2 prior to 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and a...
Securepoint Openvpn-client
7.8
CVSSv3
CVE-2020-15076
Private Tunnel installer for macOS version 3.0.1 and older versions may corrupt system critical files it should not have access via symlinks in /tmp.
Openvpn Private Tunnel
8.8
CVSSv3
CVE-2021-27406
An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This ...
Perfact Openvpn-client
3.7
CVSSv3
CVE-2020-11810
An issue exists in OpenVPN 2.4.x prior to 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim...
Openvpn Openvpn
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Fedoraproject Fedora 32
7.8
CVSSv3
CVE-2018-9336
openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x prior to 2.4.6 allows a local malicious user to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibl...
Openvpn Openvpn
Slackware Slackware Linux 14.1
Slackware Slackware Linux 13.1
Slackware Slackware Linux 14.0
Slackware Slackware Linux 13.0
Slackware Slackware Linux 13.37
7.5
CVSSv3
CVE-2020-15078
OpenVPN 2.5.1 and previous versions versions allows a remote malicious users to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Openvpn Openvpn
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 20.10
Canonical Ubuntu Linux 21.04
Debian Debian Linux 9.0
1 Github repository
NA
CVE-2024-27903
OpenVPN Security fixes: Windows: disallow loading of plugins from untrusted installation paths, which could be used to attack openvpn.exe via a malicious plugin. Plugins can now only be loaded from the OpenVPN install directory, the Windows system directory, and possibly from a d...
NA
CVE-2012-3486
Tunnelblick 3.3beta20 and previous versions allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event.
Google Tunnelblick
9.8
CVSSv3
CVE-2022-39986
A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated malicious users to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.
Raspap Raspap
1 Github repository
7.8
CVSSv3
CVE-2019-12578
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux could allow an authenticated, local malicious user to run arbitrary code with elevated privileges. The openvpn_launcher.64 binary is setuid root. This binary executes /opt/pia/openvpn...
Londontrustmedia Private Internet Access Vpn Client 82
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »