Lucene search
K

82 matches found

CNNVD
CNNVD
added 2023/07/06 12:0 a.m.5 views

Milesight UR32L 缓冲区错误漏洞

The Milesight UR32L is a 4G industrial router from China's Milesight. A buffer overflow vulnerability exists in the Milesight UR32L setopenvpnclient function, which can be exploited by an attacker to cause a buffer overflow and execute arbitrary code on the system, or cause an application to cras...

7.2CVSS8AI score0.0146EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/07/06 12:0 a.m.8 views

PT-2023-5081 · Milesight · Milesight Ur32L

Name of the Vulnerable Software and Affected Versions: Milesight UR32L version 32.3.0.5 Description: The issue is caused by a buffer overflow vulnerability in the set openvpn client function of the Milesight UR32L router's firmware. This vulnerability can be exploited by a remote attacker to...

8.3CVSS7.5AI score0.0146EPSS
Exploits1References5
OSV
OSV
added 2022/11/25 8:15 p.m.4 views

CVE-2022-44843

TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function...

9.8CVSS5.8AI score0.01958EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/11/25 12:0 a.m.4 views

TOTOLINK A7100RU 操作系统命令注入漏洞

The TOTOLINK A7100RU is a wireless router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in TOTOLINK A7100RU version V7.4cu.2313B20191024, which stems from the discovery of a command injection vulnerability via the port number of the...

9.8CVSS8.4AI score0.01958EPSS
Exploits1References2
OSV
OSV
added 2022/10/14 5:15 p.m.3 views

CVE-2021-27406

An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in t...

8.8CVSS6AI score0.00921EPSS
Exploits0References1
NVD
NVD
added 2022/10/14 5:15 p.m.55 views

CVE-2021-27406

An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in t...

8.8CVSS0.00921EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/10/14 12:0 a.m.53 views

CVE-2021-27406 PerFact OpenVPN-Client

An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in t...

8.8CVSS8.8AI score0.00921EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/10/14 12:0 a.m.6 views

CVE-2021-27406 PerFact OpenVPN-Client

An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in t...

8.8CVSS8.7AI score0.00921EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/05/10 1:43 p.m.6 views

kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks...

9.8CVSS6.7AI score0.05279EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2021/02/25 12:0 a.m.6 views

PT-2021-6006 · Perfact · Openvpn-Client

Name of the Vulnerable Software and Affected Versions: PerFact OpenVPN-Client versions 1.4.1.0 and prior Description: The issue allows an attacker to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instan...

9CVSS8.8AI score0.00921EPSS
Exploits0References6
ICS
ICS
added 2021/02/25 12:0 a.m.71 views

PerFact OpenVPN-Client

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: PerFact Equipment: OpenVPN-Client Vulnerability: External Control of System or Configuration Setting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow for local privilege...

8.8CVSS9.4AI score0.00921EPSS
Exploits0References5
CNVD
CNVD
added 2020/10/30 12:0 a.m.3 views

Synology DiskStation Manager Trust Management Issue Vulnerability

Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A security vulnerability exists in Synology DiskStation Manager DSM versions...

9CVSS6.6AI score0.00711EPSS
Exploits1References1
OSV
OSV
added 2020/10/29 9:15 a.m.2 views

CVE-2020-27648

Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

9CVSS7.3AI score
Exploits0References2
OSV
OSV
added 2020/10/29 9:15 a.m.4 views

CVE-2020-27649

Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager SRM before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

9CVSS7.3AI score0.00711EPSS
Exploits1References2
Prion
Prion
added 2020/10/29 9:15 a.m.16 views

Input validation

Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager SRM before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

6.8CVSS8.4AI score0.00711EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2020/10/29 12:0 a.m.4 views

PT-2020-16746 · Openvpn +1 · Openvpn +1

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.2.3-25426-2 Description: The issue is related to improper certificate validation in the OpenVPN client, allowing man-in-the-middle attackers to spoof servers and obtain sensitive informatio...

9CVSS8.9AI score0.00711EPSS
Exploits1References5
Kitploit
Kitploit
added 2020/09/06 8:30 p.m.71 views

Autovpn - Create On Demand Disposable OpenVPN Endpoints On AWS

Script that allows the easy creation of OpenVPN endpoints in any AWS region. To create a VPN endpoint is done with a single command takes 3 minutes. It will create the proper security groups. It spins up a tagged ec2 instance and configures OpenVPN software. Once instance is configured an OpenVPN...

7.4AI score
Exploits0References1
CNVD
CNVD
added 2020/04/17 12:0 a.m.11 views

Aviatrix Systems OpenVPN client input validation error vulnerability

Aviatrix Systems OpenVPN client is a VPN Virtual Private Network client program from Aviatrix Systems, USA. An input validation error vulnerability exists in Aviatrix Systems OpenVPN client Linux, macOS, and Windows versions 2.5.7 and earlier. An attacker can exploit this vulnerability by changin...

9.8CVSS6.6AI score0.02251EPSS
Exploits0References1
OSV
OSV
added 2020/04/16 7:15 p.m.19 views

CVE-2020-7224

The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load...

9.8CVSS6.7AI score
Exploits0References3
OSV
OSV
added 2018/05/25 7:29 p.m.3 views

CVE-2018-11479

The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processe...

7.8CVSS5.8AI score0.09905EPSS
Exploits4References2
Rows per page
Query Builder