Vulnerabilities > Openvpn
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-30 | CVE-2020-15075 | Link Following vulnerability in Openvpn Connect OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp. | 3.6 |
| 2020-07-14 | CVE-2020-15074 | Insufficient Session Expiration vulnerability in Openvpn Access Server OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp. | 5.0 |
| 2020-05-04 | CVE-2020-11462 | XML Entity Expansion vulnerability in Openvpn Access Server An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. | 4.3 |
| 2020-04-27 | CVE-2020-11810 | Race Condition vulnerability in multiple products An issue was discovered in OpenVPN 2.4.x before 2.4.9. | 3.7 |
| 2020-02-28 | CVE-2020-9442 | Improper Preservation of Permissions vulnerability in Openvpn Connect 3.1.0.361 OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there. | 7.2 |
| 2020-02-13 | CVE-2020-8953 | Improper Authentication vulnerability in Openvpn Access Server 2.8.0 OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication). | 7.5 |
| 2018-05-01 | CVE-2018-9336 | Double Free vulnerability in multiple products openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. | 4.6 |
| 2018-03-16 | CVE-2018-7544 | Use of Externally-Controlled Format String vulnerability in Openvpn A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. | 9.1 |
| 2017-10-04 | CVE-2017-12166 | Out-of-bounds Write vulnerability in multiple products OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. | 6.8 |
| 2017-06-27 | CVE-2017-7522 | NULL Pointer Dereference vulnerability in Openvpn OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character. | 4.0 |