Vulnerabilities > Openvpn > Low

DATE CVE VULNERABILITY TITLE RISK
2021-06-04 CVE-2020-15077 Improper Authentication vulnerability in Openvpn Access Server
OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
network
openvpn CWE-287
3.5
2021-03-30 CVE-2020-15075 Link Following vulnerability in Openvpn Connect
OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.
local
low complexity
openvpn CWE-59
3.6
2020-04-27 CVE-2020-11810 Race Condition vulnerability in multiple products
An issue was discovered in OpenVPN 2.4.x before 2.4.9.
network
high complexity
openvpn debian fedoraproject CWE-362
3.7
2013-11-18 CVE-2013-2061 Information Exposure vulnerability in multiple products
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.
network
high complexity
openvpn opensuse CWE-200
2.6
2005-08-24 CVE-2005-2533 Unspecified vulnerability in Openvpn
OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (memory exhaustion) via a flood of packets with a large number of spoofed MAC addresses.
local
low complexity
openvpn
2.1
2005-08-24 CVE-2005-2534 Denial Of Service vulnerability in OpenVPN Same Client Certificate
Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate.
network
high complexity
openvpn
2.6