Vulnerabilities > OpenVPN

DATE CVE VULNERABILITY TITLE RISK
2020-07-14 CVE-2020-15074 Insufficient Session Expiration vulnerability in OpenVPN Access Server
OpenVPN Access Server older than version 2.8.4 generates new user authentication tokens instead of reusing existing tokens on reconnect, making it possible to circumvent the initial token expiry timestamp.
network
low complexity
openvpn CWE-613
5.0
2020-05-04 CVE-2020-11462 XML Entity Expansion vulnerability in OpenVPN Access Server
An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3.
network
openvpn CWE-776
4.3
2020-04-27 CVE-2020-11810 Race Condition vulnerability in multiple products
An issue was discovered in OpenVPN 2.4.x before 2.4.9.
4.3
2020-02-28 CVE-2020-9442 Improper Preservation of Permissions vulnerability in OpenVPN Connect 3.1.0.361
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.
local
low complexity
openvpn CWE-281
7.2
2020-02-13 CVE-2020-8953 Improper Authentication vulnerability in OpenVPN Access Server 2.8.0
OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).
network
low complexity
openvpn CWE-287
7.5
2018-05-01 CVE-2018-9336 Double Free vulnerability in multiple products
openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service.
local
low complexity
openvpn slackware CWE-415
4.6
2018-03-16 CVE-2018-7544 Use of Externally-Controlled Format String vulnerability in OpenVPN
** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5.
network
low complexity
openvpn CWE-134
6.4
2017-10-04 CVE-2017-12166 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in OpenVPN
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.
network
openvpn CWE-119
6.8
2017-06-27 CVE-2017-7522 Null Pointer Dereference vulnerability in OpenVPN
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by an authenticated remote attacker via sending a certificate with an embedded NULL character.
network
low complexity
openvpn CWE-476
4.0
2017-06-27 CVE-2017-7521 Missing Release of Resource After Effective Lifetime vulnerability in OpenVPN
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and a double-free issue in extract_x509_extension().
network
openvpn CWE-772
4.3