Openvpn

Openvpn Access Server

20 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2020-8953

  • EPSS 0.43%
  • Published 13.02.2020 04:15:11
  • Last modified 21.11.2024 05:39:44

OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).

6.1

CVE-2017-5868

Exploit
  • EPSS 5.51%
  • Published 26.05.2017 01:29:00
  • Last modified 20.04.2025 01:37:25

CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" charact...

6.8

CVE-2014-8104

  • EPSS 1.47%
  • Published 03.12.2014 18:59:00
  • Last modified 12.04.2025 10:46:40

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

6.8

CVE-2014-9104

Exploit
  • EPSS 0.23%
  • Published 26.11.2014 15:59:19
  • Last modified 12.04.2025 10:46:40

Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnecting e...

6.8

CVE-2013-2692

  • EPSS 0.18%
  • Published 13.05.2014 14:55:09
  • Last modified 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server before 1.8.5 allows remote attackers to hijack the authentication of administrators for requests that create administrative users.

2.6

CVE-2013-2061

Exploit
  • EPSS 1.45%
  • Published 18.11.2013 02:55:07
  • Last modified 11.04.2025 00:51:21

The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and ...

4

CVE-2006-2229

  • EPSS 0.91%
  • Published 05.05.2006 19:02:00
  • Last modified 03.04.2025 01:03:51

OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or ca...

9

CVE-2006-1629

  • EPSS 3.56%
  • Published 06.04.2006 22:04:00
  • Last modified 03.04.2025 01:03:51

OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.

5

CVE-2005-3409

  • EPSS 2.51%
  • Published 02.11.2005 00:02:00
  • Last modified 03.04.2025 01:03:51

OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler.

7.5

CVE-2005-3393

  • EPSS 1.62%
  • Published 01.11.2005 12:47:00
  • Last modified 03.04.2025 01:03:51

Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option.