Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Openvpn Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3824 1 Openvpn 1 Openvpn Access Server 2021-09-29 4.3 MEDIUM 6.1 MEDIUM
OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL.
CVE-2020-15077 1 Openvpn 1 Openvpn Access Server 2021-06-11 3.5 LOW 5.3 MEDIUM
OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
CVE-2017-7521 1 Openvpn 1 Openvpn 2019-10-03 4.3 MEDIUM 5.9 MEDIUM
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().
CVE-2017-7479 1 Openvpn 1 Openvpn 2019-10-03 4.0 MEDIUM 6.5 MEDIUM
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.
CVE-2016-6329 1 Openvpn 1 Openvpn 2019-07-09 4.3 MEDIUM 5.9 MEDIUM
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.
CVE-2017-7522 1 Openvpn 1 Openvpn 2017-07-07 4.0 MEDIUM 6.5 MEDIUM
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.
CVE-2017-5868 1 Openvpn 1 Openvpn Access Server 2017-06-06 4.3 MEDIUM 6.1 MEDIUM
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATH_INFO to __session_start__/.