65 matches found
CVE-2024-8474
OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic...
CVE-2024-8474
OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic...
CVE-2024-8474
OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic...
OpenVPN Connect 安全漏洞
OpenVPN Connect is a VPN Virtual Private Network client application from OpenVPN USA. A security vulnerability exists in OpenVPN Connect versions prior to 3.5.0, which stems from a plaintext private key in the configuration file being recorded in the application logs, which can be used by...
PT-2025-1013 · Openvpn · Openvpn Connect
Name of the Vulnerable Software and Affected Versions: OpenVPN Connect versions prior to 3.5.0 Description: The issue is related to the logging of clear-text private keys in the application log, which can be used by an unauthorized actor to decrypt VPN traffic. This could allow attackers to acces...
The vulnerability of the OpenVPN Connect software lies in the overflow of buffers in the stack, which allows a hacker to elevate their privileges and execute arbitrary code.
The vulnerability of the OpenVPN Connect software is related to insufficient restrictions on communication channels for specified endpoints. Exploiting this vulnerability allows a remote attacker to enhance their privileges and execute arbitrary code...
The vulnerability of the OpenVPN Connect software lies in the insufficient restriction of connection channels for specified endpoints. This allows attackers to enhance their privileges and execute arbitrary code.
The vulnerability of the OpenVPN Connect software is related to insufficient restrictions on communication channels for specified endpoints. Exploiting this vulnerability allows a remote attacker to enhance their privileges and execute arbitrary code...
The vulnerability of the Node.js software library OpenVPN Connect allows a hacker to execute arbitrary code.
The vulnerability of the Node.js software product OpenVPN Connect relates to the lack of measures to neutralize instructions in the dynamically executed code. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
CVE-2023-7245
The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 Windows/3.4.7 macOS was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRONRUNASNODE environment variable...
CVE-2023-7245
The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 Windows/3.4.7 macOS was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRONRUNASNODE environment variable...
CVE-2023-7245
OpenVPN Connect contains a local arbitrary-code execution vulnerability (CVE-2023-7245) in the nodejs/Electron runtime context. Affected: OpenVPN Connect 3.0–3.4.3 on Windows and 3.0–3.4.7 on macOS. Root cause: improper configuration of the nodejs environment, enabling ELECTRON_RUN_AS_NODE to exe...
OpenVPN Connect Security Breach
OpenVPN Connect is a VPN Virtual Private Network client application from US-based OpenVPN. A security vulnerability exists in OpenVPN Connect that originates from allowing a local attacker to execute arbitrary code in the context of a nodejs process via the ELECTRONRUNASNODE environment variable...
PT-2024-3588 · Openvpn · Openvpn Connect
Name of the Vulnerable Software and Affected Versions: OpenVPN Connect versions 3.0 through 3.4.3 Windows OpenVPN Connect versions 3.0 through 3.4.7 macOS Description: The issue is related to the nodejs framework in OpenVPN Connect, which was not properly configured. This configuration issue allo...
The vulnerability of the OpenVPN Connect software lies in its inability to properly execute instructions in the dynamically executed code, allowing a violator to execute arbitrary code.
The vulnerability of the OpenVPN Connect software is related to the failure to implement measures to neutralize the instructions in the dynamically executed code. Exploiting this vulnerability can allow an attacker to execute arbitrary code using the DYILDINSERTLIBRARIES environment variable...
CVE-2023-7224
OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLDINSERTLIBRARIES environment variable...
CVE-2023-7224
OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLDINSERTLIBRARIES environment variable...
PT-2024-1066 · Openvpn · Openvpn Connect
Name of the Vulnerable Software and Affected Versions: OpenVPN Connect versions 3.0 through 3.4.6 Description: The issue is related to the failure to neutralize instructions in dynamically executed code. Exploitation of this issue may allow an attacker to execute arbitrary code using the DYLD...
OpenVPN Connect Security Breach
OpenVPN Connect is a VPN Virtual Private Network client application from US-based OpenVPN. A security vulnerability exists in OpenVPN Connect versions 3.0 through 3.4.6, which stems from a vulnerability that allows local users to execute code in external third-party libraries using the...
The vulnerability of the OpenVPN Connect software is related to errors in the authentication process, which allows a hacker to carry out a man-in-the-middle attack.
The vulnerability of the OpenVPN Connect software is related to errors in the authentication process. Exploiting this vulnerability allows a remote attacker to carry out a man-in-the-middle attack...
CVE-2022-3761
OpenVPN Connect versions before 3.4.0.4506 macOS and OpenVPN Connect before 3.4.0.3100 Windows allows man-in-the-middle attackers to intercept configuration profile download requests which contains the users credentials...