📦 Openvpn

OpenVPN clients before version 2.6.11 are vulnerable to log injection attacks when connecting to malicious servers. An attacker controlling an OpenVPN server can inject arbitrary data into client logs...

CVE-2024-27903 is a critical vulnerability in OpenVPN on Windows where plug-ins can be loaded from any directory, allowing attackers to execute arbitrary code with elevated privileges. This affects Op...

CVE-2023-46850 is a use-after-free vulnerability in OpenVPN that can lead to memory corruption, information disclosure, or remote code execution when processing network buffers. This affects OpenVPN s...

This vulnerability allows authentication bypass in OpenVPN when using external authentication plugins with deferred authentication replies. Attackers can gain access with only partially correct creden...

This vulnerability in OpenVPN allows attackers to hijack VPN sessions by spoofing source IP addresses, causing denial of service for legitimate clients. It affects OpenVPN servers running vulnerable v...

This vulnerability allows a lower-privileged process on Windows to create a named pipe that the OpenVPN GUI component automatically connects to, enabling privilege escalation to SYSTEM level. It affec...

This vulnerability allows remote attackers to cause a denial of service in OpenVPN servers by corrupting and replaying network packets during the early TLS handshake phase. It affects OpenVPN servers ...

CVE-2024-24974 allows remote attackers to interact with the privileged OpenVPN interactive service pipe, potentially enabling unauthorized access or control. This affects OpenVPN 2.6.9 and earlier ver...

This vulnerability in OpenVPN allows remote attackers to send crafted reset packets through the control channel, causing a denial of service (DoS) condition. It affects OpenVPN servers and clients run...

This vulnerability allows a man-in-the-middle attacker to bypass certificate authentication in OpenVPN 3 Core Library by presenting an unrelated server certificate with the same hostname specified in ...

A local denial-of-service vulnerability in OpenVPN's Windows interactive service agent allows authenticated local users to crash the service by triggering an error. This affects OpenVPN versions 2.5.0...