Known Vulnerabilities for products from Openvpn
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Openvpn".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-0547 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-03-18 | 2023-11-07 |
| CVE-2021-3824 | OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login pag... | 6.1 - MEDIUM | 2021-09-23 | 2021-09-29 |
| CVE-2021-3613 | OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configurat... | 7.8 - HIGH | 2021-07-02 | 2021-07-09 |
| CVE-2021-3606 | OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL config... | 7.8 - HIGH | 2021-07-02 | 2021-07-09 |
| CVE-2021-3547 | OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by ... | 7.4 - HIGH | 2021-07-12 | 2022-10-27 |
| CVE-2020-36382 | OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via in... | 7.5 - HIGH | 2021-06-04 | 2022-09-20 |
| CVE-2020-20813 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-08-22 | 2023-08-25 |
| CVE-2020-15078 | OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on serv... | 7.5 - HIGH | 2021-04-26 | 2023-11-07 |
| CVE-2020-15077 | OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channe... | 5.3 - MEDIUM | 2021-06-04 | 2022-08-05 |
| CVE-2020-15076 | Private Tunnel installer for macOS version 3.0.1 and older versions may corrupt system critical files it should not have acce... | 7.8 - HIGH | 2021-05-26 | 2021-06-02 |
| CVE-2020-15075 | OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via s... | 7.1 - HIGH | 2021-03-30 | 2021-04-06 |
| CVE-2020-15074 | OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing ... | 7.5 - HIGH | 2020-07-14 | 2021-11-23 |
| CVE-2020-11810 | An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a vi... | 3.7 - LOW | 2020-04-27 | 2023-11-07 |
| CVE-2020-11462 | An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. With the full featured RPC2 interface e... | 7.5 - HIGH | 2020-05-04 | 2020-05-12 |
| CVE-2020-9442 | OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, whic... | 7.8 - HIGH | 2020-02-28 | 2020-03-03 |
| CVE-2020-8953 | OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor auth... | 9.8 - CRITICAL | 2020-02-13 | 2020-05-12 |
| CVE-2018-9336 | openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-... | 7.8 - HIGH | 2018-05-01 | 2018-06-13 |
| CVE-2018-7544 | ** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When thi... | 9.1 - CRITICAL | 2018-03-16 | 2023-11-07 |
| CVE-2017-12166 | OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is u... | 9.8 - CRITICAL | 2017-10-04 | 2022-05-12 |
| CVE-2017-7522 | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via send... | 6.5 - MEDIUM | 2017-06-27 | 2017-07-07 |
Known software with vulnerabilities from Openvpn
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Openvpn | Connect | 3.1.0.361 |
| Application | Openvpn | Openvpn | - |
| Application | Openvpn | Openvpn Access Server | 1.5.6 |