Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvpn vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2018-7544
A cross-protocol scripting issue exists in the management interface in OpenVPN up to and including 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, ob...
Openvpn Openvpn
5.9
CVSSv3
CVE-2016-6329
OpenVPN, when using a 64-bit block cipher, makes it easier for remote malicious users to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" at...
Openvpn Openvpn
7.8
CVSSv3
CVE-2021-3606
OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe).
Openvpn Openvpn
NA
CVE-2008-3459
Unspecified vulnerability in OpenVPN 2.1-beta14 up to and including 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters.
Openvpn Openvpn 2.1
6.1
CVSSv3
CVE-2021-3824
OpenVPN Access Server 2.9.0 up to and including 2.9.4 allow remote malicious users to inject arbitrary web script or HTML via the web login page URL.
Openvpn Openvpn Access Server
7.5
CVSSv3
CVE-2020-36382
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote malicious users to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service.
Openvpn Openvpn Access Server
7.5
CVSSv3
CVE-2022-33737
The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and prior to 2.11.0 may contain a random generated admin password
Openvpn Openvpn Access Server
7.5
CVSSv3
CVE-2022-33738
OpenVPN Access Server prior to 2.11 uses a weak random generator used to create user session token for the web portal
Openvpn Openvpn Access Server
NA
CVE-2014-9104
Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) disconnecting established VPN...
Openvpn Openvpn Access Server
5.3
CVSSv3
CVE-2020-15077
OpenVPN Access Server 2.8.7 and previous versions versions allows a remote malicious users to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Openvpn Openvpn Access Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »