Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvpn vulnerabilities and exploits
(subscribe to this query)
6.9
CVSSv2
CVE-2014-5455
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.
Openvpn Openvpn 2.1.28.0
Privatetunnel Privatetunnel 2.3.8
1 EDB exploit
2 Github repositories
7.5
CVSSv2
CVE-2022-0547
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
Openvpn Openvpn
Fedoraproject Fedora 34
Fedoraproject Fedora 36
Debian Debian Linux 9.0
NA
CVE-2023-7224
OpenVPN Connect version 3.0 up to and including 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable
Openvpn Connect
3.6
CVSSv2
CVE-2020-15075
OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.
Openvpn Connect
7.5
CVSSv2
CVE-2020-7224
The Aviatrix OpenVPN client up to and including 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load.
Aviatrix Openvpn
7.2
CVSSv2
CVE-2020-9442
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.
Openvpn Connect
1 Github repository
NA
CVE-2022-3761
OpenVPN Connect versions prior to 3.4.0.4506 (macOS) and OpenVPN Connect prior to 3.4.0.3100 (Windows) allows man-in-the-middle malicious users to intercept configuration profile download requests which contains the users credentials
Openvpn Connect
5
CVSSv2
CVE-2020-27569
Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and previous versions. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system.
Aviatrix Openvpn
4.4
CVSSv2
CVE-2021-3613
OpenVPN Connect 3.2.0 up to and including 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe)...
Openvpn Connect
7.2
CVSSv2
CVE-2021-35523
Securepoint SSL VPN Client v2 prior to 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and a...
Securepoint Openvpn-client
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »