Openvpn

Openvpn Access Server

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2020-8953

  • EPSS 0.43%
  • Veröffentlicht 13.02.2020 04:15:11
  • Zuletzt bearbeitet 21.11.2024 05:39:44

OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).

6.1

CVE-2017-5868

Exploit
  • EPSS 5.51%
  • Veröffentlicht 26.05.2017 01:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" charact...

6.8

CVE-2014-8104

  • EPSS 1.47%
  • Veröffentlicht 03.12.2014 18:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

6.8

CVE-2014-9104

Exploit
  • EPSS 0.23%
  • Veröffentlicht 26.11.2014 15:59:19
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnecting e...

6.8

CVE-2013-2692

  • EPSS 0.18%
  • Veröffentlicht 13.05.2014 14:55:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server before 1.8.5 allows remote attackers to hijack the authentication of administrators for requests that create administrative users.

2.6

CVE-2013-2061

Exploit
  • EPSS 1.45%
  • Veröffentlicht 18.11.2013 02:55:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and ...

4

CVE-2006-2229

  • EPSS 0.91%
  • Veröffentlicht 05.05.2006 19:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or ca...

9

CVE-2006-1629

  • EPSS 3.56%
  • Veröffentlicht 06.04.2006 22:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.

5

CVE-2005-3409

  • EPSS 2.51%
  • Veröffentlicht 02.11.2005 00:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler.

7.5

CVE-2005-3393

  • EPSS 1.62%
  • Veröffentlicht 01.11.2005 12:47:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option.