Filtered by vendor Openvpn
Subscriptions
Filtered by product Openvpn
Subscriptions
Total
33 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27459 | 1 Openvpn | 1 Openvpn | 2024-08-23 | 7.8 High |
| The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges. | ||||
| CVE-2024-27903 | 1 Openvpn | 1 Openvpn | 2024-08-23 | 9.8 Critical |
| OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service. | ||||
| CVE-2024-24974 | 1 Openvpn | 1 Openvpn | 2024-08-10 | 7.5 High |
| The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service. | ||||
| CVE-2005-3409 | 1 Openvpn | 2 Openvpn, Openvpn Access Server | 2024-08-07 | N/A |
| OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler. | ||||
| CVE-2005-3393 | 1 Openvpn | 2 Openvpn, Openvpn Access Server | 2024-08-07 | N/A |
| Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option. | ||||
| CVE-2005-2534 | 1 Openvpn | 1 Openvpn | 2024-08-07 | N/A |
| Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate. | ||||
| CVE-2005-2531 | 1 Openvpn | 1 Openvpn | 2024-08-07 | N/A |
| OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts. | ||||
| CVE-2005-2533 | 1 Openvpn | 1 Openvpn | 2024-08-07 | N/A |
| OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (memory exhaustion) via a flood of packets with a large number of spoofed MAC addresses. | ||||
| CVE-2005-2532 | 1 Openvpn | 1 Openvpn | 2024-08-07 | N/A |
| OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted. | ||||
| CVE-2006-2229 | 1 Openvpn | 2 Openvpn, Openvpn Access Server | 2024-08-07 | N/A |
| OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service. | ||||
| CVE-2006-1629 | 1 Openvpn | 2 Openvpn, Openvpn Access Server | 2024-08-07 | N/A |
| OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable. | ||||
| CVE-2008-3459 | 1 Openvpn | 1 Openvpn | 2024-08-07 | N/A |
| Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters. | ||||
| CVE-2013-2061 | 2 Opensuse, Openvpn | 3 Opensuse, Openvpn, Openvpn Access Server | 2024-08-06 | N/A |
| The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. | ||||
| CVE-2014-8104 | 5 Canonical, Debian, Mageia and 2 more | 6 Ubuntu Linux, Debian Linux, Mageia and 3 more | 2024-08-06 | N/A |
| OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. | ||||
| CVE-2014-5455 | 2 Openvpn, Privatetunnel | 2 Openvpn, Privatetunnel | 2024-08-06 | N/A |
| Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder. | ||||
| CVE-2016-6329 | 1 Openvpn | 1 Openvpn | 2024-08-06 | N/A |
| OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. | ||||
| CVE-2017-12166 | 2 Debian, Openvpn | 2 Debian Linux, Openvpn | 2024-08-05 | 9.8 Critical |
| OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. | ||||
| CVE-2017-7508 | 1 Openvpn | 1 Openvpn | 2024-08-05 | N/A |
| OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. | ||||
| CVE-2017-7522 | 1 Openvpn | 1 Openvpn | 2024-08-05 | N/A |
| OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character. | ||||
| CVE-2017-7521 | 1 Openvpn | 1 Openvpn | 2024-08-05 | N/A |
| OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension(). | ||||