cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-13454,https://securityvulnerability.io/vulnerability/CVE-2024-13454,Weak Encryption in Easy-RSA Versions by OpenVPN,"The vulnerability involves a weak encryption algorithm present in Easy-RSA versions from 3.0.5 to 3.1.7. This flaw allows local attackers to more easily bruteforce the private Certificate Authority (CA) key generated using OpenSSL 3, potentially compromising the security framework of key management within the OpenVPN ecosystem.",Openvpn,Easy-rsa,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-20T21:07:50.103Z,0
CVE-2024-5198,https://securityvulnerability.io/vulnerability/CVE-2024-5198,NULL Pointer Dereference Vulnerability in OpenVPN Driver for Windows,"The OpenVPN ovpn-dco driver for Windows version 1.1.1 is susceptible to a vulnerability that allows a local, unprivileged attacker to send malformed I/O control messages. This can lead to a NULL pointer dereference within the driver, which may cause the system to halt unexpectedly, disrupting services and potentially leading to further exploitation.",Openvpn,"Ovpn-dco,Openvpn-gui",3.3,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T12:57:25.205Z,0
CVE-2024-8474,https://securityvulnerability.io/vulnerability/CVE-2024-8474,Profile Configuration Exposure in OpenVPN Connect,"An issue in OpenVPN Connect prior to version 3.5.0 allows the storage of the private key in clear text within the application logs. This exposure poses a significant risk, as an unauthorized actor gaining access to these logs could potentially decrypt VPN traffic, undermining the confidentiality and integrity of the communications. It is crucial for users to ensure they are using the latest version of the software to mitigate this risk.",Openvpn,Openvpn Connect,,,0.0004299999854993075,false,,false,false,false,,false,true,false,,2025-01-06T14:33:26.129Z,3422
CVE-2024-5594,https://securityvulnerability.io/vulnerability/CVE-2024-5594,Injection Vulnerability in OpenVPN Affects Multiple Third-Party Executables,"A vulnerability exists in OpenVPN versions prior to 2.6.11, where improper sanitization of PUSH_REPLY messages allows attackers to inject arbitrary data. This can potentially compromise third-party executables or plugins, creating significant security risks. Users are advised to update to the latest version to mitigate this issue.",Openvpn,Openvpn,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-06T13:52:20.272Z,198
CVE-2024-28882,https://securityvulnerability.io/vulnerability/CVE-2024-28882,Multiple Exit Notifications in OpenVPN Server Role,OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session,Openvpn,Openvpn,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-08T22:15:00.000Z,0
CVE-2024-1305,https://securityvulnerability.io/vulnerability/CVE-2024-1305,Memory Buffer Overflow Vulnerability in tap-windows6 Driver,"tap-windows6 driver version 9.26 and earlier does not properly check the size data of incoming write operations which an attacker can use to overflow memory buffers, resulting in a bug check and potentially arbitrary code execution in kernel space",Openvpn,"Tap-windows6,Openvpn-gui",,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-08T18:15:00.000Z,0
CVE-2024-27903,https://securityvulnerability.io/vulnerability/CVE-2024-27903,Arbitrary Plug-in Loading Vulnerability in OpenVPN for Windows,"The OpenVPN software on Windows prior to version 2.6.9 has a significant security flaw that allows malicious actors to load arbitrary plug-ins from any directory. This vulnerability exploits improper validation during the loading process of OpenVPN plug-ins, enabling attackers to inject potentially harmful code into the privileged OpenVPN interactive service. The vulnerability poses a threat to users' systems and can lead to unauthorized actions performed under the open interactive service's context. Users are urged to update their OpenVPN installations promptly to mitigate the risks associated with this vulnerability.",Openvpn,Openvpn 2,9.8,CRITICAL,0.0006699999794363976,false,,true,false,true,2024-08-08T21:54:31.000Z,,false,false,,2024-07-08T10:27:40.125Z,0
CVE-2024-24974,https://securityvulnerability.io/vulnerability/CVE-2024-24974,Remote Interactive Service Vulnerability in OpenVPN,"A vulnerability exists in OpenVPN prior to version 2.6.9 that permits remote attackers to access the OpenVPN service pipe. This flaw enables potential unauthorized interaction with the OpenVPN interactive service, which operates with elevated privileges. Attackers who exploit this vulnerability could perform actions that compromise the integrity and confidentiality of the system running OpenVPN.",Openvpn,Openvpn 2,7.5,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2024-07-08T10:20:34.520Z,0
CVE-2024-27459,https://securityvulnerability.io/vulnerability/CVE-2024-27459,Stack Overflow Vulnerability in OpenVPN Allows Arbitrary Code Execution,"The interactive service component of OpenVPN versions 2.6.9 and earlier is susceptible to a stack overflow vulnerability. This flaw enables attackers to send specially crafted data to the service, resulting in a stack overflow condition. Exploiting this vulnerability may allow the execution of arbitrary code, leading to elevated privileges on the affected system. Users of OpenVPN are encouraged to review their usage of the software and apply necessary security measures to mitigate potential risks.",Openvpn,Openvpn Gui,7.8,HIGH,0.0004199999966658652,false,,true,false,false,,,false,false,,2024-07-08T10:14:06.208Z,0
CVE-2023-6247,https://securityvulnerability.io/vulnerability/CVE-2023-6247,OpenVPN 3 Core Library PKCS#7 Parser Vulnerability,"The PKCS#7 parser within OpenVPN 3 Core Library versions up to 3.8.3 contains a flaw in how it validates the parsed data. This vulnerability can allow malformed data to be processed incorrectly, potentially resulting in the application experiencing crashes. Such issues underline the importance of implementing proper data validation mechanisms to safeguard application integrity and ensure operational continuity.",OpenVPN,OpenVPN 3 Core Library,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-29T01:42:00.000Z,0
CVE-2023-7235,https://securityvulnerability.io/vulnerability/CVE-2023-7235,Non-standard installation path vulnerability in OpenVPN GUI installer allows arbitrary file execution,"The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables.",Openvpn,Openvpn,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-21T10:55:15.487Z,0
CVE-2023-7245,https://securityvulnerability.io/vulnerability/CVE-2023-7245,Local User Execution of Arbitrary Code via ELECTRON_RUN_AS_NODE Environment Variable,"The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRON_RUN_AS_NODE environment variable",Openvpn,Openvpn Connect,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-20T11:08:29.089Z,0
CVE-2023-7224,https://securityvulnerability.io/vulnerability/CVE-2023-7224,Local Users Can Execute Code in External Libraries via DYLD_INSERT_LIBRARIES Environment Variable,"A vulnerability exists within OpenVPN Connect versions 3.0 through 3.4.6 on macOS that can allow local users to execute arbitrary code by leveraging the DYLD_INSERT_LIBRARIES environment variable. This exploitation may enable malicious users to run unauthorized code using external third-party libraries, potentially compromising the integrity of the system. It is essential for users of OpenVPN Connect to ensure they are using a patched version to mitigate this risk.",OpenVPN,Connect,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2024-01-08T14:15:00.000Z,0
CVE-2023-46849,https://securityvulnerability.io/vulnerability/CVE-2023-46849,Denial of Service Vulnerability in OpenVPN by OpenVPN Technologies,"A vulnerability exists in OpenVPN versions 2.6.0 to 2.6.6 when using the --fragment option in certain configuration scenarios. This issue allows an attacker to exploit a divide by zero condition, potentially triggering application crashes and resulting in a denial of service. Users of the affected versions are encouraged to upgrade to the latest version to mitigate the risk associated with this vulnerability.",OpenVPN,"OpenVPN 2 (Community),Access Server",7.5,HIGH,0.0011500000255182385,false,,false,false,false,,,false,false,,2023-11-11T01:15:00.000Z,0
CVE-2023-46850,https://securityvulnerability.io/vulnerability/CVE-2023-46850,Use After Free Vulnerability in OpenVPN by OpenVPN Technologies Inc.,"A vulnerability in OpenVPN, versions 2.6.0 to 2.6.6, allows for use after free conditions which can cause undefined behavior and memory leaks. This issue may enable an attacker to exploit the vulnerable application by sending crafted network buffers to a remote peer, potentially leading to remote execution of code.",OpenVPN,"OpenVPN 2 (Community),Access Server",9.8,CRITICAL,0.013179999776184559,false,,false,false,false,,,false,false,,2023-11-11T01:15:00.000Z,0
CVE-2022-3761,https://securityvulnerability.io/vulnerability/CVE-2022-3761,Man-in-the-Middle Vulnerability in OpenVPN Connect for macOS and Windows,"OpenVPN Connect for macOS and Windows contains a vulnerability that could allow a malicious actor to intercept configuration profile download requests. This flaw can expose sensitive user credentials, thereby enabling unauthorized access. Users are advised to upgrade to the patched versions to mitigate this security risk.",Openvpn Inc,Openvpn Connect,5.9,MEDIUM,0.0012199999764561653,false,,false,false,false,,,false,false,,2023-10-17T12:10:36.100Z,0
CVE-2020-20813,https://securityvulnerability.io/vulnerability/CVE-2020-20813,Denial of Service Vulnerability in OpenVPN by OpenVPN Technologies,"A vulnerability in OpenVPN 2.4.7 and earlier allows remote attackers to execute a denial of service attack by sending specially crafted reset packets. This can disrupt service availability, raising significant security concerns for users relying on the OpenVPN service. It is crucial for administrators to assess their OpenVPN deployments and apply appropriate security measures to mitigate potential risks associated with this vulnerability.",Openvpn,Openvpn,7.5,HIGH,0.0014700000174343586,false,,false,false,false,,,false,false,,2023-08-22T00:00:00.000Z,0
CVE-2021-4234,https://securityvulnerability.io/vulnerability/CVE-2021-4234,Amplification Attack Vulnerability in OpenVPN Access Server,"OpenVPN Access Server versions up to 2.10 are vulnerable to an amplification attack. The vulnerability arises when a client sends a reset packet, prompting the server to resend multiple packets in response. If the client does not react to these responses, it can lead to a situation where an attacker exploits this behavior to amplify traffic, potentially overwhelming the network.",Openvpn,Openvpn Access Server,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-07-06T19:10:17.000Z,0
CVE-2022-33738,https://securityvulnerability.io/vulnerability/CVE-2022-33738,Weak Random Generator in OpenVPN Access Server Web Portal,"OpenVPN Access Server prior to version 2.11 utilizes a weak random number generator for generating user session tokens within its web portal. This vulnerability can potentially expose user session information, compromising the security of sessions and enabling session hijacking. Users of OpenVPN Access Server are advised to upgrade to mitigate risks associated with this vulnerability.",Openvpn,Openvpn Access Server,7.5,HIGH,0.0014100000262260437,false,,false,false,false,,,false,false,,2022-07-06T15:10:33.000Z,0
CVE-2022-33737,https://securityvulnerability.io/vulnerability/CVE-2022-33737,Log File Exposure in OpenVPN Access Server Installer,"The OpenVPN Access Server installer creates a log file that can be read by any user, which may contain a randomly generated administrative password. This vulnerability is present in versions 2.10.0 and earlier, potentially exposing sensitive information and allowing unauthorized access to administrative functionalities.",Openvpn,Openvpn Access Server,7.5,HIGH,0.0014100000262260437,false,,false,false,false,,,false,false,,2022-07-06T15:09:08.000Z,0
CVE-2022-0547,https://securityvulnerability.io/vulnerability/CVE-2022-0547,Authentication Bypass in OpenVPN by OpenVPN Technologies,"OpenVPN versions 2.1 through 2.4.12 and 2.5.6 are susceptible to a vulnerability that permits authentication bypass when using external authentication plugins. This flaw arises when multiple plugins implement deferred authentication replies, allowing an external user to gain unauthorized access with incomplete credentials. This can compromise the integrity of secure connections, making it essential for users to upgrade to patched versions immediately to protect against potential exploits.",Openvpn,Openvpn,9.8,CRITICAL,0.006500000134110451,false,,false,false,false,,,false,false,,2022-03-18T18:00:20.000Z,0
CVE-2021-31605,https://securityvulnerability.io/vulnerability/CVE-2021-31605,Command Injection Vulnerability in OpenVPN-Monitor by Furlongm,"A critical command injection vulnerability exists in OpenVPN-Monitor versions prior to 1.1.3, exposing users to risks via the OpenVPN management interface socket. Attackers can exploit this weakness to inject malicious commands, possibly leading to unauthorized server shutdowns through the SIGTERM signal. It is essential for users to update to the latest version to safeguard their systems against potential exploits.",Openvpn-monitor Project,Openvpn-monitor,7.5,HIGH,0.006990000139921904,false,,false,false,false,,,false,false,,2021-09-27T05:35:24.000Z,0
CVE-2021-31604,https://securityvulnerability.io/vulnerability/CVE-2021-31604,CSRF Vulnerability in OpenVPN Monitor by Furlongm,"OpenVPN Monitor versions up to 1.1.3 are susceptible to Cross-Site Request Forgery (CSRF) attacks, which can enable unauthorized disconnection of arbitrary clients. This vulnerability poses a significant risk to network integrity and user session management. Attackers may exploit this weakness to disrupt service availability or manipulate client connections. Users of OpenVPN Monitor are advised to implement necessary security measures and update to the latest version to mitigate these risks.",Openvpn-monitor Project,Openvpn-monitor,6.5,MEDIUM,0.0017300000181421638,false,,false,false,false,,,false,false,,2021-09-27T05:32:34.000Z,0
CVE-2021-31606,https://securityvulnerability.io/vulnerability/CVE-2021-31606,Authorization Bypass Vulnerability in OpenVPN-Monitor by Furlongm,"The vulnerability allows unauthorized disconnection of clients by bypassing access controls in OpenVPN-Monitor version 1.1.3. Attackers can exploit this weakness to disrupt VPN services by disconnecting specific users, which may lead to denial of service scenarios. It's crucial for users of OpenVPN-Monitor to apply security patches and updates to safeguard their systems against potential exploitation of this flaw.",Openvpn-monitor Project,Openvpn-monitor,7.5,HIGH,0.003329999977722764,false,,false,false,false,,,false,false,,2021-09-27T00:00:00.000Z,0
CVE-2021-3824,https://securityvulnerability.io/vulnerability/CVE-2021-3824,Remote Code Injection in OpenVPN Access Server Web Login Interface,"The OpenVPN Access Server versions 2.9.0 through 2.9.4 are susceptible to a vulnerability that allows remote attackers to inject arbitrary web scripts or HTML code via the web login page URL. This flaw could potentially enable attackers to execute malicious scripts in the context of a user’s session, compromising the integrity and confidentiality of sensitive information. Users of affected versions are advised to update to the latest version to mitigate the risks associated with this vulnerability.",Openvpn,Openvpn Access Server,6.1,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2021-09-23T14:53:51.000Z,0