2382 matches found

OSV
added 2021/09/27 6:15 a.m. · 25 views

PYSEC-2021-353

furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM...

7.8 CVSS · 4.4 AI score · 0.03314 EPSS
Exploits: 2 · References: 3
CVE
added 2021/09/27 5:35 a.m. · 91 views

CVE-2021-31605

The CVE-2021-31605 issue affects furlongm openvpn-monitor up to version 1.1.3, where an input path of %0a allows command injection via the OpenVPN management interface socket. The underlying consequence stated is the potential shutdown of the server through signal SIGTERM. The Red Hat advisory an...

7.8 CVSS · 7.7 AI score · 0.03314 EPSS
Exploits: 2 · References: 2 · Affected Software: 1
Cvelist
added 2021/09/27 5:35 a.m. · 19 views

CVE-2021-31605

furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM...

8 AI score · 0.03314 EPSS
Exploits: 2 · References: 2
Cvelist
added 2021/09/27 5:32 a.m. · 20 views

CVE-2021-31604

furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client...

6.7 AI score · 0.00656 EPSS
Exploits: 3 · References: 2
CVE
added 2021/09/27 5:32 a.m. · 87 views

CVE-2021-31604

CVE-2021-31604 affects furlongm/openvpn-monitor up to version 1.1.3. The issue is a cross-site request forgery (CSRF) that allows disconnecting an arbitrary client. Root cause: CSRF in the disconnect action handling. Impact is described as an ability to disrupt a client connection; CVSS data in t...

6.5 CVSS · 6.5 AI score · 0.00656 EPSS
Exploits: 3 · References: 2 · Affected Software: 1
Cvelist
added 2021/09/27 12:0 a.m. · 19 views

CVE-2021-31606

furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to disconnect arbitrary clients...

7.7 AI score · 0.02448 EPSS
Exploits: 6 · References: 3
Positive Technologies
added 2021/09/27 12:0 a.m. · 5 views

PT-2021-19445 · Furlongm · Openvpn-Monitor

Name of the Vulnerable Software and Affected Versions: furlongm openvpn-monitor versions 1.1.3 and earlier Description: The issue allows for Authorization Bypass, enabling the disconnection of arbitrary clients. Recommendations: For furlongm openvpn-monitor versions 1.1.3 and earlier, update to a...

8.7 CVSS · 7.3 AI score · 0.02448 EPSS
Exploits: 6 · References: 14
CVE
added 2021/09/27 12:0 a.m. · 85 views

CVE-2021-31606

CVE-2021-31606 affects furlongm openvpn-monitor up to and including version 1.1.3. The issue allows an Authorization Bypass that lets an attacker disconnect arbitrary clients. Exploitation details are not provided in the included documents beyond the bypass capability. The Red Hat, GHSA, OSV, and...

7.5 CVSS · 7.3 AI score · 0.02448 EPSS
Exploits: 6 · References: 3 · Affected Software: 1
0day.today
added 2021/09/25 12:0 a.m. · 431 views

OpenVPN Monitor 1.1.3 Authorization Bypass / Denial Of Service Vulnerabilities

OpenVPN Monitor versions 1.1.3 and below suffer from an authorization bypass vulnerability that allows an attacker to disconnect arbitrary clients, even if the disconnect feature is disabled. Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-009 CVE I...

7.5 CVSS · 0.3 AI score · 0.02448 EPSS
Exploits: 6
0day.today
added 2021/09/25 12:0 a.m. · 273 views

OpenVPN Monitor 1.1.3 Cross Site Request Forgery Vulnerability

OpenVPN Monitor versions 1.1.3 and below suffer from a cross site request forgery vulnerability that allows an attacker to disconnect arbitrary VPN clients. Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-011 CVE ID: CVE-2021-31604 Subject: Cross-Si...

7.5 CVSS · 0.02448 EPSS
Exploits: 7
0day.today
added 2021/09/25 12:0 a.m. · 417 views

OpenVPN Monitor 1.1.3 Command Injection Vulnerability

OpenVPN Monitor versions 1.1.3 and below suffer from an injection vulnerability that allows an attacker to inject arbitrary commands into the OpenVPN server management interface socket. Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-010 CVE ID:...

7.8 CVSS · 0.3 AI score · 0.03314 EPSS
Exploits: 6
Packet Storm
added 2021/09/24 12:0 a.m. · 289 views

OpenVPN Monitor 1.1.3 Authorization Bypass / Denial Of Service

COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-009 CVE ID: CVE-2021-31606 Subject: Authorization Bypass Severity: Medium Effect: Denial of Service Author: Emanuel Duss...

0.9 AI score · 0.02448 EPSS
Exploits: 6
CNNVD
added 2021/09/24 12:0 a.m. · 2 views

Openvpn OpenVPN Authorization Issue Vulnerability

Openvpn OpenVPN is a software package from the American company OpenVPN Openvpn for creating encrypted tunnels for Virtual Private Networks (VPNs), which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using a public key, an e-certificat...

7.5 CVSS · 7.4 AI score · 0.02448 EPSS
Exploits: 6 · References: 4
CNNVD
added 2021/09/24 12:0 a.m. · 2 views

Openvpn OpenVPN Cross-Site Request Forgery Vulnerability

Openvpn OpenVPN is a software package from the US company OpenVPN Openvpn for creating encrypted tunnels for Virtual Private Networks (VPNs), which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using a public key, an e-certificate, or ...

6.5 CVSS · 6.5 AI score · 0.00656 EPSS
Exploits: 3 · References: 4
CNNVD
added 2021/09/24 12:0 a.m. · 2 views

Openvpn OpenVPN Command Injection Vulnerability

Openvpn OpenVPN is a software package from the US-based OpenVPN Openvpn for creating virtual private network (VPN) encrypted tunnels that use the OpenSSL library to encrypt data and control information, and allow created VPNs to be authenticated using a public key, an e-certificate, or a...

7.8 CVSS · 7.5 AI score · 0.03314 EPSS
Exploits: 2 · References: 4
Packet Storm
added 2021/09/24 12:0 a.m. · 220 views

OpenVPN Monitor 1.1.3 Cross Site Request Forgery

COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-011 CVE ID: CVE-2021-31604 Subject: Cross-Site Request Forgery CSRF Severity: Medium Effect: Denial of Service Author:...

0.3 AI score · 0.02448 EPSS
Exploits: 7
Packet Storm
added 2021/09/24 12:0 a.m. · 322 views

OpenVPN Monitor 1.1.3 Command Injection

COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-010 CVE ID: CVE-2021-31605 Subject: OpenVPN Management Socket Command Injection Severity: High Effect: Denial of Service...

7.5 AI score · 0.03314 EPSS
Exploits: 6
NCSC
added 2021/09/24 12:0 a.m. · 6 views

Vulnerability fixed in OpenVPN Access Server

The vulnerability gives an unauthenticated malicious person the opportunity to execute arbitrary code in the browser of the victim. To do this, the malicious party must trick the victim into following a rogue hyperlink. OpenVPN has released updates to fix the vulnerability. More information can b...

6.1 CVSS · 7.6 AI score · 0.00722 EPSS
Exploits: 0
OSV
added 2021/09/23 3:15 p.m. · 3 views

CVE-2021-3824

OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL...

6.1 CVSS · 5.9 AI score
Exploits: 0 · References: 1
NVD
added 2021/09/23 3:15 p.m. · 9 views

CVE-2021-3824

OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL...

6.1 CVSS · 0.00722 EPSS
Exploits: 0 · References: 1