Vulnerabilities > Openvpn > Openvpn > 2.5.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-08 | CVE-2024-24974 | Unspecified vulnerability in Openvpn The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service. | 7.5 |
2024-07-08 | CVE-2024-27459 | Out-of-bounds Write vulnerability in Openvpn The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges. | 7.8 |
2024-07-08 | CVE-2024-27903 | Unrestricted Upload of File with Dangerous Type vulnerability in Openvpn OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service. | 9.8 |
2022-03-18 | CVE-2022-0547 | Improper Authentication vulnerability in multiple products OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. | 9.8 |