Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvpn vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2023-36609
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.
Ovarro Tbox Ms-cpu32 Firmware
Ovarro Tbox Ms-cpu32-s2 Firmware
Ovarro Tbox Lt2 Firmware
Ovarro Tbox Tg2 Firmware
Ovarro Tbox Rm2 Firmware
7.2
CVSSv3
CVE-2023-28971
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescaledb feature of Juniper Networks Paragon Active Assurance (PAA) (Formerly Netrounds) allows an malicious user to bypass existing firewall rules and limitations used to restrict inte...
Juniper Paragon Active Assurance
7.1
CVSSv3
CVE-2020-15075
OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.
Openvpn Connect
6.8
CVSSv3
CVE-2008-1447
The DNS protocol, as implemented in (1) BIND 8 and 9 prior to 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote malicious users to spoof DNS traffic via a birthday attack th...
Isc Bind 4
Isc Bind 8
Isc Bind 9.2.9
3 EDB exploits
4 Nmap scripts
1 Github repository
6.5
CVSSv3
CVE-2021-31604
furlongm openvpn-monitor up to and including 1.1.3 allows CSRF to disconnect an arbitrary client.
Openvpn-monitor Project Openvpn-monitor
6.5
CVSSv3
CVE-2017-7522
OpenVPN versions prior to 2.4.3 and prior to 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.
Openvpn Openvpn 2.4.0
Openvpn Openvpn 2.4.1
Openvpn Openvpn
Openvpn Openvpn 2.4.2
1 Article
6.5
CVSSv3
CVE-2017-7479
OpenVPN versions prior to 2.3.15 and prior to 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.
Openvpn Openvpn
Openvpn Openvpn 2.4.0
Openvpn Openvpn 2.4.1
6.1
CVSSv3
CVE-2021-3824
OpenVPN Access Server 2.9.0 up to and including 2.9.4 allow remote malicious users to inject arbitrary web script or HTML via the web login page URL.
Openvpn Openvpn Access Server
6.1
CVSSv3
CVE-2020-13260
A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated malicious user to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-...
Rad Secflow-1v Firmware Os-image Sf 0290 2.3.01.26
1 Github repository
6.1
CVSSv3
CVE-2017-5868
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote malicious users to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PAT...
Openvpn Openvpn Access Server 2.1.4
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »