cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-27903,https://securityvulnerability.io/vulnerability/CVE-2024-27903,Arbitrary Plug-in Loading Vulnerability in OpenVPN for Windows,"The OpenVPN software on Windows prior to version 2.6.9 has a significant security flaw that allows malicious actors to load arbitrary plug-ins from any directory. This vulnerability exploits improper validation during the loading process of OpenVPN plug-ins, enabling attackers to inject potentially harmful code into the privileged OpenVPN interactive service. The vulnerability poses a threat to users' systems and can lead to unauthorized actions performed under the open interactive service's context. Users are urged to update their OpenVPN installations promptly to mitigate the risks associated with this vulnerability.",Openvpn,Openvpn 2,9.8,CRITICAL,0.0006699999794363976,false,,true,false,true,2024-08-08T21:54:31.000Z,,false,false,,2024-07-08T10:27:40.125Z,0
CVE-2024-24974,https://securityvulnerability.io/vulnerability/CVE-2024-24974,Remote Interactive Service Vulnerability in OpenVPN,"A vulnerability exists in OpenVPN prior to version 2.6.9 that permits remote attackers to access the OpenVPN service pipe. This flaw enables potential unauthorized interaction with the OpenVPN interactive service, which operates with elevated privileges. Attackers who exploit this vulnerability could perform actions that compromise the integrity and confidentiality of the system running OpenVPN.",Openvpn,Openvpn 2,7.5,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2024-07-08T10:20:34.520Z,0
CVE-2024-27459,https://securityvulnerability.io/vulnerability/CVE-2024-27459,Stack Overflow Vulnerability in OpenVPN Allows Arbitrary Code Execution,"The interactive service component of OpenVPN versions 2.6.9 and earlier is susceptible to a stack overflow vulnerability. This flaw enables attackers to send specially crafted data to the service, resulting in a stack overflow condition. Exploiting this vulnerability may allow the execution of arbitrary code, leading to elevated privileges on the affected system. Users of OpenVPN are encouraged to review their usage of the software and apply necessary security measures to mitigate potential risks.",Openvpn,Openvpn Gui,7.8,HIGH,0.0004199999966658652,false,,true,false,false,,,false,false,,2024-07-08T10:14:06.208Z,0
CVE-2023-7224,https://securityvulnerability.io/vulnerability/CVE-2023-7224,Local Users Can Execute Code in External Libraries via DYLD_INSERT_LIBRARIES Environment Variable,"A vulnerability exists within OpenVPN Connect versions 3.0 through 3.4.6 on macOS that can allow local users to execute arbitrary code by leveraging the DYLD_INSERT_LIBRARIES environment variable. This exploitation may enable malicious users to run unauthorized code using external third-party libraries, potentially compromising the integrity of the system. It is essential for users of OpenVPN Connect to ensure they are using a patched version to mitigate this risk.",OpenVPN,Connect,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2024-01-08T14:15:00.000Z,0
CVE-2023-46849,https://securityvulnerability.io/vulnerability/CVE-2023-46849,Denial of Service Vulnerability in OpenVPN by OpenVPN Technologies,"A vulnerability exists in OpenVPN versions 2.6.0 to 2.6.6 when using the --fragment option in certain configuration scenarios. This issue allows an attacker to exploit a divide by zero condition, potentially triggering application crashes and resulting in a denial of service. Users of the affected versions are encouraged to upgrade to the latest version to mitigate the risk associated with this vulnerability.",OpenVPN,"OpenVPN 2 (Community),Access Server",7.5,HIGH,0.0011500000255182385,false,,false,false,false,,,false,false,,2023-11-11T01:15:00.000Z,0
CVE-2023-46850,https://securityvulnerability.io/vulnerability/CVE-2023-46850,Use After Free Vulnerability in OpenVPN by OpenVPN Technologies Inc.,"A vulnerability in OpenVPN, versions 2.6.0 to 2.6.6, allows for use after free conditions which can cause undefined behavior and memory leaks. This issue may enable an attacker to exploit the vulnerable application by sending crafted network buffers to a remote peer, potentially leading to remote execution of code.",OpenVPN,"OpenVPN 2 (Community),Access Server",9.8,CRITICAL,0.013179999776184559,false,,false,false,false,,,false,false,,2023-11-11T01:15:00.000Z,0
CVE-2020-20813,https://securityvulnerability.io/vulnerability/CVE-2020-20813,Denial of Service Vulnerability in OpenVPN by OpenVPN Technologies,"A vulnerability in OpenVPN 2.4.7 and earlier allows remote attackers to execute a denial of service attack by sending specially crafted reset packets. This can disrupt service availability, raising significant security concerns for users relying on the OpenVPN service. It is crucial for administrators to assess their OpenVPN deployments and apply appropriate security measures to mitigate potential risks associated with this vulnerability.",Openvpn,Openvpn,7.5,HIGH,0.0014700000174343586,false,,false,false,false,,,false,false,,2023-08-22T00:00:00.000Z,0
CVE-2021-4234,https://securityvulnerability.io/vulnerability/CVE-2021-4234,Amplification Attack Vulnerability in OpenVPN Access Server,"OpenVPN Access Server versions up to 2.10 are vulnerable to an amplification attack. The vulnerability arises when a client sends a reset packet, prompting the server to resend multiple packets in response. If the client does not react to these responses, it can lead to a situation where an attacker exploits this behavior to amplify traffic, potentially overwhelming the network.",Openvpn,Openvpn Access Server,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-07-06T19:10:17.000Z,0
CVE-2022-33738,https://securityvulnerability.io/vulnerability/CVE-2022-33738,Weak Random Generator in OpenVPN Access Server Web Portal,"OpenVPN Access Server prior to version 2.11 utilizes a weak random number generator for generating user session tokens within its web portal. This vulnerability can potentially expose user session information, compromising the security of sessions and enabling session hijacking. Users of OpenVPN Access Server are advised to upgrade to mitigate risks associated with this vulnerability.",Openvpn,Openvpn Access Server,7.5,HIGH,0.0014100000262260437,false,,false,false,false,,,false,false,,2022-07-06T15:10:33.000Z,0
CVE-2022-33737,https://securityvulnerability.io/vulnerability/CVE-2022-33737,Log File Exposure in OpenVPN Access Server Installer,"The OpenVPN Access Server installer creates a log file that can be read by any user, which may contain a randomly generated administrative password. This vulnerability is present in versions 2.10.0 and earlier, potentially exposing sensitive information and allowing unauthorized access to administrative functionalities.",Openvpn,Openvpn Access Server,7.5,HIGH,0.0014100000262260437,false,,false,false,false,,,false,false,,2022-07-06T15:09:08.000Z,0
CVE-2022-0547,https://securityvulnerability.io/vulnerability/CVE-2022-0547,Authentication Bypass in OpenVPN by OpenVPN Technologies,"OpenVPN versions 2.1 through 2.4.12 and 2.5.6 are susceptible to a vulnerability that permits authentication bypass when using external authentication plugins. This flaw arises when multiple plugins implement deferred authentication replies, allowing an external user to gain unauthorized access with incomplete credentials. This can compromise the integrity of secure connections, making it essential for users to upgrade to patched versions immediately to protect against potential exploits.",Openvpn,Openvpn,9.8,CRITICAL,0.006500000134110451,false,,false,false,false,,,false,false,,2022-03-18T18:00:20.000Z,0
CVE-2021-31605,https://securityvulnerability.io/vulnerability/CVE-2021-31605,Command Injection Vulnerability in OpenVPN-Monitor by Furlongm,"A critical command injection vulnerability exists in OpenVPN-Monitor versions prior to 1.1.3, exposing users to risks via the OpenVPN management interface socket. Attackers can exploit this weakness to inject malicious commands, possibly leading to unauthorized server shutdowns through the SIGTERM signal. It is essential for users to update to the latest version to safeguard their systems against potential exploits.",Openvpn-monitor Project,Openvpn-monitor,7.5,HIGH,0.006990000139921904,false,,false,false,false,,,false,false,,2021-09-27T05:35:24.000Z,0
CVE-2021-31606,https://securityvulnerability.io/vulnerability/CVE-2021-31606,Authorization Bypass Vulnerability in OpenVPN-Monitor by Furlongm,"The vulnerability allows unauthorized disconnection of clients by bypassing access controls in OpenVPN-Monitor version 1.1.3. Attackers can exploit this weakness to disrupt VPN services by disconnecting specific users, which may lead to denial of service scenarios. It's crucial for users of OpenVPN-Monitor to apply security patches and updates to safeguard their systems against potential exploitation of this flaw.",Openvpn-monitor Project,Openvpn-monitor,7.5,HIGH,0.003329999977722764,false,,false,false,false,,,false,false,,2021-09-27T00:00:00.000Z,0
CVE-2021-3547,https://securityvulnerability.io/vulnerability/CVE-2021-3547,,OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.,Openvpn,Openvpn 3 Core Library,7.4,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2021-07-12T10:35:52.000Z,0
CVE-2021-3613,https://securityvulnerability.io/vulnerability/CVE-2021-3613,,"OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe).",Openvpn,Openvpn Connect,7.8,HIGH,0.0006000000284984708,false,,false,false,false,,,false,false,,2021-07-02T12:33:36.000Z,0
CVE-2021-3606,https://securityvulnerability.io/vulnerability/CVE-2021-3606,,"OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe).",Openvpn,Openvpn-gui,7.8,HIGH,0.0006699999794363976,false,,false,false,false,,,false,false,,2021-07-02T12:30:38.000Z,0
CVE-2020-36382,https://securityvulnerability.io/vulnerability/CVE-2020-36382,,OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service.,Openvpn,Openvpn Access Server,7.5,HIGH,0.0020200000144541264,false,,false,false,false,,,false,false,,2021-06-04T10:47:15.000Z,0
CVE-2020-15076,https://securityvulnerability.io/vulnerability/CVE-2020-15076,,Private Tunnel installer for macOS version 3.0.1 and older versions may corrupt system critical files it should not have access via symlinks in /tmp.,Openvpn,Private Tunnel,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-05-26T18:17:57.000Z,0
CVE-2020-15078,https://securityvulnerability.io/vulnerability/CVE-2020-15078,,"OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.",Openvpn,Openvpn,7.5,HIGH,0.002899999963119626,false,,false,false,false,,,false,false,,2021-04-26T13:19:45.000Z,0
CVE-2020-15075,https://securityvulnerability.io/vulnerability/CVE-2020-15075,,OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.,Openvpn,Openvpn Connect,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-03-30T13:38:02.000Z,0
CVE-2020-15074,https://securityvulnerability.io/vulnerability/CVE-2020-15074,,OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.,Openvpn,Openvpn Access Server,7.5,HIGH,0.0007800000021234155,false,,false,false,false,,,false,false,,2020-07-14T17:27:31.000Z,0
CVE-2020-11462,https://securityvulnerability.io/vulnerability/CVE-2020-11462,,"An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface when sending an XML Entity Expansion (XEE) payload to the XMLRPC based RPC2 interface. The duration of the DoS state depends on available memory and CPU speed. The default restricted mode of the RPC2 interface is NOT vulnerable.",Openvpn,Openvpn Access Server,7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2020-05-04T13:45:41.000Z,0
CVE-2020-9442,https://securityvulnerability.io/vulnerability/CVE-2020-9442,,"OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.",Openvpn,Connect,7.8,HIGH,0.0004199999966658652,false,,false,false,true,2020-02-28T01:27:08.000Z,true,false,false,,2020-02-28T13:40:41.000Z,0
CVE-2020-8953,https://securityvulnerability.io/vulnerability/CVE-2020-8953,,OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).,Openvpn,Openvpn Access Server,9.8,CRITICAL,0.0030300000216811895,false,,false,false,false,,,false,false,,2020-02-13T03:13:02.000Z,0
CVE-2018-9336,https://securityvulnerability.io/vulnerability/CVE-2018-9336,,openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation.,Openvpn,Openvpn,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-05-01T18:00:00.000Z,0