cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-8474,https://securityvulnerability.io/vulnerability/CVE-2024-8474,Profile Configuration Exposure in OpenVPN Connect,"An issue in OpenVPN Connect prior to version 3.5.0 allows the storage of the private key in clear text within the application logs. This exposure poses a significant risk, as an unauthorized actor gaining access to these logs could potentially decrypt VPN traffic, undermining the confidentiality and integrity of the communications. It is crucial for users to ensure they are using the latest version of the software to mitigate this risk.",Openvpn,Openvpn Connect,,,0.0004299999854993075,false,,false,false,false,,false,true,false,,2025-01-06T14:33:26.129Z,3422
CVE-2023-7245,https://securityvulnerability.io/vulnerability/CVE-2023-7245,Local User Execution of Arbitrary Code via ELECTRON_RUN_AS_NODE Environment Variable,"The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRON_RUN_AS_NODE environment variable
",Openvpn,Openvpn Connect,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-20T11:08:29.089Z,0
CVE-2023-7224,https://securityvulnerability.io/vulnerability/CVE-2023-7224,Local Users Can Execute Code in External Libraries via DYLD_INSERT_LIBRARIES Environment Variable,"A vulnerability exists within OpenVPN Connect versions 3.0 through 3.4.6 on macOS that can allow local users to execute arbitrary code by leveraging the DYLD_INSERT_LIBRARIES environment variable. This exploitation may enable malicious users to run unauthorized code using external third-party libraries, potentially compromising the integrity of the system. It is essential for users of OpenVPN Connect to ensure they are using a patched version to mitigate this risk.",OpenVPN,Connect,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2024-01-08T14:15:00.000Z,0
CVE-2022-3761,https://securityvulnerability.io/vulnerability/CVE-2022-3761,Man-in-the-Middle Vulnerability in OpenVPN Connect for macOS and Windows,"OpenVPN Connect for macOS and Windows contains a vulnerability that could allow a malicious actor to intercept configuration profile download requests. This flaw can expose sensitive user credentials, thereby enabling unauthorized access. Users are advised to upgrade to the patched versions to mitigate this security risk.",Openvpn Inc,Openvpn Connect,5.9,MEDIUM,0.0012199999764561653,false,,false,false,false,,,false,false,,2023-10-17T12:10:36.100Z,0
CVE-2021-3613,https://securityvulnerability.io/vulnerability/CVE-2021-3613,,"OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe).",Openvpn,Openvpn Connect,7.8,HIGH,0.0006000000284984708,false,,false,false,false,,,false,false,,2021-07-02T12:33:36.000Z,0
CVE-2020-15075,https://securityvulnerability.io/vulnerability/CVE-2020-15075,,OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.,Openvpn,Openvpn Connect,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-03-30T13:38:02.000Z,0
CVE-2020-9442,https://securityvulnerability.io/vulnerability/CVE-2020-9442,,"OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.",Openvpn,Connect,7.8,HIGH,0.0004199999966658652,false,,false,false,true,2020-02-28T01:27:08.000Z,true,false,false,,2020-02-28T13:40:41.000Z,0