Openvpn

Openvpn

38 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2020-20813

  • EPSS 0.24%
  • Published 22.08.2023 19:16:08
  • Last modified 21.11.2024 05:12:17

Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet.

9.8

CVE-2022-0547

  • EPSS 0.56%
  • Published 18.03.2022 18:15:12
  • Last modified 23.04.2025 19:15:52

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially ...

7.4

CVE-2021-3547

  • EPSS 0.05%
  • Published 12.07.2021 11:15:08
  • Last modified 21.11.2024 06:21:48

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuratio...

7.8

CVE-2021-3606

  • EPSS 0.13%
  • Published 02.07.2021 13:15:07
  • Last modified 21.11.2024 06:21:57

OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN proces...

7.5

CVE-2020-15078

  • EPSS 0.29%
  • Published 26.04.2021 14:15:08
  • Last modified 21.11.2024 05:04:45

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.

4.3

CVE-2020-11810

Exploit
  • EPSS 2.37%
  • Published 27.04.2020 15:15:12
  • Last modified 21.11.2024 04:58:40

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have ...

7.8

CVE-2018-9336

Exploit
  • EPSS 0.09%
  • Published 01.05.2018 18:29:00
  • Last modified 21.11.2024 04:15:21

openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory...

9.1

CVE-2018-7544

Exploit
  • EPSS 0.38%
  • Published 16.03.2018 15:29:00
  • Last modified 21.11.2024 04:12:20

A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitra...

9.8

CVE-2017-12166

  • EPSS 5.14%
  • Published 04.10.2017 01:29:02
  • Last modified 20.04.2025 01:37:25

OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.

6.5

CVE-2017-7522

  • EPSS 1.48%
  • Published 27.06.2017 13:29:00
  • Last modified 20.04.2025 01:37:25

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.