63 matches found
CVE-2021-3824
OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL...
OpenVPN Access Server Detected
This is an informational notice that the scanner was able to detect an OpenVPN Access Server on the target server. Note that this detection is included in the Remote Access Tools category. No source data...
SUSE CVE-2020-15077
OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks...
SUSE CVE-2020-36382
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service...
CVE-2021-4234
OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack...
CVE-2021-4234
OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack...
CVE-2022-33738
OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal...
CVE-2022-33737
The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password...
PT-2022-21853 · Openvpn · Openvpn Access Server
Name of the Vulnerable Software and Affected Versions: OpenVPN Access Server versions 2.10.0 through 2.10.x and versions prior to 2.11.0, can be simplified to: OpenVPN Access Server versions 2.10.0 through 2.11.0, but since 2.11.0 is not included, it is more accurate to say: OpenVPN Access Server...
OpenVPN 安全特征问题漏洞
OpenVPN is a software package for creating encrypted tunnels for virtual private networks VPNs from US-based OpenVPN, which uses the OpenSSL library to encrypt data and control information and allows created VPNs to be authenticated using a public key, e-certificate, or username/password. A...
OpenVPN 日志信息泄露漏洞
OpenVPN is a software package from US-based OpenVPN Inc. for creating encrypted tunnels for virtual private networks VPNs, which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or...
OpenVPN 安全漏洞
OpenVPN is a software package for creating encrypted tunnels for Virtual Private Networks VPNs from US-based OpenVPN, which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or...
CVE-2020-11462
An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface when sending an XML Entity Expansion XEE payload to the XMLRPC based RPC2 interface. The...
Vulnerability fixed in OpenVPN Access Server
The vulnerability allows an unauthenticated malicious person to opportunity to execute arbitrary code on the browser of the victim. To do this, the malicious party must trick the victim into to follow a rogue hyperlink. OpenVPN has released updates to fix the vulnerability. More information can b...
CVE-2021-3824
OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL...
CVE-2021-3824
OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL...
Openvpn OpenVPN 跨站脚本漏洞
Openvpn OpenVPN is a software package from OpenVPN Openvpn Inc. that creates encrypted virtual private network VPN tunnels that use the OpenSSL library to encrypt data and control information and allow the created VPN to be authenticated using a public key, an electronic certificate, or a...
CVE-2020-15077
OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks...
CVE-2020-36382
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service...
CVE-2020-15077
OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks...