Vulnerabilities > Openvpn > Openvpn > 2.0.26
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-22 | CVE-2020-20813 | Unspecified vulnerability in Openvpn Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet. | 7.5 |
| 2021-07-02 | CVE-2021-3606 | Uncontrolled Search Path Element vulnerability in Openvpn OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe). | 4.4 |
| 2021-04-26 | CVE-2020-15078 | Missing Authentication for Critical Function vulnerability in multiple products OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. | 7.5 |
| 2018-03-16 | CVE-2018-7544 | Use of Externally-Controlled Format String vulnerability in Openvpn A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. | 9.1 |
| 2017-06-27 | CVE-2017-7522 | NULL Pointer Dereference vulnerability in Openvpn OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character. | 4.0 |
| 2017-06-27 | CVE-2017-7521 | Missing Release of Resource after Effective Lifetime vulnerability in Openvpn OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension(). | 4.3 |
| 2017-06-27 | CVE-2017-7520 | Out-of-bounds Read vulnerability in Openvpn OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker. | 4.0 |
| 2017-06-27 | CVE-2017-7508 | Reachable Assertion vulnerability in Openvpn OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. | 5.0 |
| 2017-05-15 | CVE-2017-7479 | Reachable Assertion vulnerability in Openvpn OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. | 4.0 |
| 2017-01-31 | CVE-2016-6329 | Information Exposure vulnerability in Openvpn OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. | 4.3 |