Vulnerabilities > Openvpn > Openvpn > 2.5.4

DATE CVE VULNERABILITY TITLE RISK
2024-07-08 CVE-2024-24974 Unspecified vulnerability in Openvpn
The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.
network
low complexity
openvpn
7.5
2024-07-08 CVE-2024-27459 Out-of-bounds Write vulnerability in Openvpn
The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.
local
low complexity
openvpn CWE-787
7.8
2024-07-08 CVE-2024-27903 Unrestricted Upload of File with Dangerous Type vulnerability in Openvpn
OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.
network
low complexity
openvpn CWE-434
critical
9.8
2022-03-18 CVE-2022-0547 Improper Authentication vulnerability in multiple products
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
network
low complexity
openvpn fedoraproject debian CWE-287
critical
9.8