2382 matches found
PYSEC-2021-353
furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM...
CVE-2021-31605
The CVE-2021-31605 issue affects furlongm openvpn-monitor up to version 1.1.3, where an input path of %0a allows command injection via the OpenVPN management interface socket. The underlying consequence stated is the potential shutdown of the server through signal SIGTERM. The Red Hat advisory an...
CVE-2021-31605
furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM...
CVE-2021-31604
furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client...
CVE-2021-31604
CVE-2021-31604 affects furlongm/openvpn-monitor up to version 1.1.3. The issue is a cross-site request forgery (CSRF) that allows disconnecting an arbitrary client. Root cause: CSRF in the disconnect action handling. Impact is described as an ability to disrupt a client connection; CVSS data in t...
CVE-2021-31606
furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to disconnect arbitrary clients...
PT-2021-19445 · Furlongm · Openvpn-Monitor
Name of the Vulnerable Software and Affected Versions: furlongm openvpn-monitor versions 1.1.3 and earlier Description: The issue allows for Authorization Bypass, enabling the disconnection of arbitrary clients. Recommendations: For furlongm openvpn-monitor versions 1.1.3 and earlier, update to a...
CVE-2021-31606
CVE-2021-31606 affects furlongm openvpn-monitor up to and including version 1.1.3. The issue allows an Authorization Bypass that lets an attacker disconnect arbitrary clients. Exploitation details are not provided in the included documents beyond the bypass capability. The Red Hat, GHSA, OSV, and...
OpenVPN Monitor 1.1.3 Authorization Bypass / Denial Of Service Vulnerabilities
OpenVPN Monitor versions 1.1.3 and below suffer from an authorization bypass vulnerability that allows an attacker to disconnect arbitrary clients, even if the disconnect feature is disabled. Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-009 CVE I...
OpenVPN Monitor 1.1.3 Cross Site Request Forgery Vulnerability
OpenVPN Monitor versions 1.1.3 and below suffer from a cross site request forgery vulnerability that allows an attacker to disconnect arbitrary VPN clients. Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-011 CVE ID: CVE-2021-31604 Subject: Cross-Si...
OpenVPN Monitor 1.1.3 Command Injection Vulnerability
OpenVPN Monitor versions 1.1.3 and below suffer from an injection vulnerability that allows an attacker to inject arbitrary commands into the OpenVPN server management interface socket. Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-010 CVE ID:...
OpenVPN Monitor 1.1.3 Authorization Bypass / Denial Of Service
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-009 CVE ID: CVE-2021-31606 Subject: Authorization Bypass Severity: Medium Effect: Denial of Service Author: Emanuel Duss...
Openvpn OpenVPN Authorization Issue Vulnerability
Openvpn OpenVPN is a software package from the American company OpenVPN for creating encrypted tunnels for virtual private networks (VPNs). It uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using a public key, an e-certificat...
Openvpn OpenVPN Cross-Site Request Forgery Vulnerability
Openvpn OpenVPN is a software package from the US company OpenVPN for creating encrypted tunnels for virtual private networks (VPNs). It uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using a public key, an e-certificate, or ...
Openvpn OpenVPN Command Injection Vulnerability
Openvpn OpenVPN is a software package from the US-based company OpenVPN for creating encrypted tunnels for virtual private networks (VPNs). It uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using a public key, an e-certificate, or a...
OpenVPN Monitor 1.1.3 Cross Site Request Forgery
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-011 CVE ID: CVE-2021-31604 Subject: Cross-Site Request Forgery CSRF Severity: Medium Effect: Denial of Service Author:...
OpenVPN Monitor 1.1.3 Command Injection
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-010 CVE ID: CVE-2021-31605 Subject: OpenVPN Management Socket Command Injection Severity: High Effect: Denial of Service...
Vulnerability fixed in OpenVPN Access Server
The vulnerability gives an unauthenticated malicious person the opportunity to execute arbitrary code in the victim's browser. To do this, the malicious party must trick the victim into following a rogue hyperlink. OpenVPN has released updates to fix the vulnerability. More information can b...
CVE-2021-3824
OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL...
CVE-2021-3824
OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL...