Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvpn vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2017-7520
OpenVPN versions prior to 2.4.3 and prior to 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.
Openvpn Openvpn 2.4.0
Openvpn Openvpn 2.4.1
Openvpn Openvpn 2.4.2
Openvpn Openvpn
1 Article
383
VMScore
CVE-2017-7521
OpenVPN versions prior to 2.4.3 and prior to 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().
Openvpn Openvpn
Openvpn Openvpn 2.4.0
Openvpn Openvpn 2.4.2
Openvpn Openvpn 2.4.1
1 Article
356
VMScore
CVE-2017-7522
OpenVPN versions prior to 2.4.3 and prior to 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.
Openvpn Openvpn 2.4.0
Openvpn Openvpn 2.4.1
Openvpn Openvpn
Openvpn Openvpn 2.4.2
1 Article
356
VMScore
CVE-2017-7479
OpenVPN versions prior to 2.3.15 and prior to 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.
Openvpn Openvpn
Openvpn Openvpn 2.4.0
Openvpn Openvpn 2.4.1
801
VMScore
CVE-2006-1629
OpenVPN 2.0 up to and including 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.
Openvpn Openvpn 2.0
Openvpn Openvpn Access Server 2.0.3
Openvpn Openvpn 2.0.4
Openvpn Openvpn Access Server 2.0.5
Openvpn Openvpn Access Server 2.0.1
Openvpn Openvpn Access Server 2.0.2
668
VMScore
CVE-2005-3393
Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option.
Openvpn Openvpn Access Server 2.0.1
Openvpn Openvpn Access Server 2.0.2
Openvpn Openvpn 2.0
Openvpn Openvpn 2.0 Beta11
517
VMScore
CVE-2021-3547
OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle malicious user to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.
Openvpn Openvpn 3.6
Openvpn Openvpn 3.6.1
NA
CVE-2023-46849
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an malicious user to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
Openvpn Openvpn
Openvpn Openvpn Access Server
Openvpn Openvpn Access Server 2.12.1
Openvpn Openvpn Access Server 2.12.0
Debian Debian Linux 12.0
Fedoraproject Fedora 39
NA
CVE-2023-46850
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
Openvpn Openvpn
Openvpn Openvpn Access Server
Debian Debian Linux 12.0
Fedoraproject Fedora 39
NA
CVE-2020-20813
Control Channel in OpenVPN 2.4.7 and previous versions allows remote malicious users to cause a denial of service via crafted reset packet.
Openvpn Openvpn
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »