Vulnerabilities > Openvpn > Openvpn Access Server > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-11 CVE-2023-46849 Divide By Zero vulnerability in multiple products
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
network
low complexity
openvpn debian fedoraproject CWE-369
7.5
2022-07-06 CVE-2022-33737 Information Exposure Through Log Files vulnerability in Openvpn Access Server
The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password
network
low complexity
openvpn CWE-532
7.5
2020-02-13 CVE-2020-8953 Improper Authentication vulnerability in Openvpn Access Server 2.8.0
OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).
network
low complexity
openvpn CWE-287
7.5
2005-11-01 CVE-2005-3393 Remote Format String vulnerability in Openvpn and Openvpn Access Server
Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option.
network
low complexity
openvpn
7.5