Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvpn vulnerabilities and exploits
(subscribe to this query)
384
VMScore
CVE-2022-25166
An issue exists in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters (such as auth-user-pass). When this file is imported and the client attempts to validate the file path, it performs an...
Amazon Aws Client Vpn 2.0.0
578
VMScore
CVE-2022-24299
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions before 2.6.0 and pfSense Plus software versions before 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary comma...
Netgate Pfsense
Netgate Pfsense Plus
668
VMScore
CVE-2022-0547
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
Openvpn Openvpn
Fedoraproject Fedora 34
Fedoraproject Fedora 36
Debian Debian Linux 9.0
668
VMScore
CVE-2021-3773
A flaw in netfilter could allow a network-connected malicious user to infer openvpn connection endpoint information for further use in traditional network attacks.
Linux Linux Kernel
Fedoraproject Fedora 34
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 8.0
Oracle Communications Cloud Native Core Binding Support Function 22.1.3
Oracle Communications Cloud Native Core Policy 22.2.0
Oracle Communications Cloud Native Core Network Exposure Function 22.1.1
445
VMScore
CVE-2021-20145
Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make confi...
Gryphonconnect Gryphon Tower Firmware
445
VMScore
CVE-2021-31606
furlongm openvpn-monitor up to and including 1.1.3 allows Authorization Bypass to disconnect arbitrary clients.
Openvpn-monitor Project Openvpn-monitor
384
VMScore
CVE-2021-31604
furlongm openvpn-monitor up to and including 1.1.3 allows CSRF to disconnect an arbitrary client.
Openvpn-monitor Project Openvpn-monitor
694
VMScore
CVE-2021-31605
furlongm openvpn-monitor up to and including 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM.
Openvpn-monitor Project Openvpn-monitor
1 Github repository
383
VMScore
CVE-2021-3824
OpenVPN Access Server 2.9.0 up to and including 2.9.4 allow remote malicious users to inject arbitrary web script or HTML via the web login page URL.
Openvpn Openvpn Access Server
641
VMScore
CVE-2021-33526
In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the servic...
Mbconnectline Mbdialup
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
hard-coded
CVE-2024-27202
NULL pointer dereference
CVE-2024-28075
CVE-2024-33608
CVE-2024-28889
CVE-2024-34572
template injection
CVE-2024-34351
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »