Vulnerabilities in OpenVPN

29 results
CVE-2024-1305 (CRITICAL, EPSS 15.4%): tap-windows6 driver version 9.26 and earlier does not properly check the size data of incoming write operations which an attacker can use
CVE-2024-24974 (HIGH, EPSS 9.8%): The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker
CVE-2024-27903 (HIGH, EPSS 8.9%): OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary
CVE-2024-27459 (HIGH, EPSS 8.3%): The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute a
CVE-2025-10680 (HIGH, EPSS 6.9%): OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variable
CVE-2023-46850 (EPSS 2.0%): Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavior, leaking memory buffers or remote execution when sending net
CVE-2023-46849 (HIGH, EPSS 1.1%): Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero be
CVE-2024-5594 (CRITICAL, EPSS 0.8%): OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected ar
CVE-2025-2704 (HIGH, EPSS 0.8%): OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting
CVE-2023-6247 (MEDIUM, EPSS 0.8%): The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the appl
CVE-2024-28882 (MEDIUM, EPSS 0.7%): OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the vali
CVE-2025-13086 (MEDIUM, EPSS 0.6%): Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open
CVE-2025-12106 (CRITICAL, EPSS 0.5%): Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP
CVE-2024-8474 (HIGH, EPSS 0.5%): OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log,
CVE-2024-4877 (HIGH, EPSS 0.4%): OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI c
CVE-2025-15497 (LOW, EPSS 0.3%): Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an assert resultin
CVE-2026-35058 (MEDIUM, EPSS 0.3%): Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows
CVE-2023-7245 (HIGH, EPSS 0.3%): The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to
CVE-2026-40215 (MEDIUM, EPSS 0.3%): A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or
CVE-2023-7224 (HIGH, EPSS 0.2%): OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSER