2382 matches found
Design/Logic Flaw
OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL...
CVE-2021-3824
OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL...
CVE-2021-3824
OpenVPN Access Server 2.9.0–2.9.4 is affected by a cross‑site scripting (XSS) vulnerability in the web login page URL, allowing remote attackers to inject arbitrary web script/HTML. Root cause: improper handling of characters in the login page URL. Impact: potential execution of malicious script ...
Openvpn OpenVPN 跨站脚本漏洞
Openvpn OpenVPN is a software package from OpenVPN Openvpn Inc. that creates encrypted virtual private network VPN tunnels that use the OpenSSL library to encrypt data and control information and allow the created VPN to be authenticated using a public key, an electronic certificate, or a...
CVE-2021-3773
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. Mitigation Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security...
The vulnerability of the OpenVPN Connect software lies in its shortcomings regarding system library calls. This allows a hacker to execute arbitrary code with the same level of privileges as the main OpenVPN process.
The vulnerability of the OpenVPN Connect software is related to deficiencies in the mechanism for calling system libraries. Exploiting this vulnerability allows an attacker to execute arbitrary code with the same level of privileges as the main OpenVPN process, using the OpenSSL configuration fil...
Amazon Linux AMI : openvpn (ALAS-2021-1531)
The version of openvpn installed on the remote host is prior to 2.4.11-1.48. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1531 advisory. OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers...
ROS-2-641
2.641 Vulnerability in OpenVPN CVE-2020-11810 1. Vulnerability description: A corrective release of the OpenVPN 2.4.9 virtual private networking package has been generated. The new version addresses a vulnerability CVE-2020-11810 that allows a client session to be transferred to a new IP address...
ROS-2-1175
2.1175 Vulnerability in OpenVPN CVE-2020-11810 1. Vulnerability description: A corrective release of the OpenVPN 2.4.9 virtual private networking package has been generated. The new version addresses a vulnerability CVE-2020-11810 that allows a client session to be transferred to a new IP address...
ROS-2-1234
2.1234 OpenVPN Authentication Bypass CVE-2020-15078 1. Vulnerability Description: The vulnerability allows a remote attacker to bypass authentication and access restrictions to leak VPN configuration data. The issue only occurs on servers that are configured to use deferredauth. Under certain...
Important: openvpn
Issue Overview: OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. CVE-2020-15078 Affected Packages: openvpn...
ROS-2-459
2.459 OpenVPN Authentication Bypass CVE-2020-15078 1. Vulnerability Description: The vulnerability allows a remote attacker to bypass authentication and access restrictions to leak VPN configuration data. The issue only occurs on servers that are configured to use deferredauth. Under certain...
ROS-2-1186
2.1186 OpenVPN Authentication Bypass CVE-2020-15078 1. Vulnerability Description: The vulnerability allows a remote attacker to bypass authentication and access restrictions to leak VPN configuration data. The issue only occurs on servers that are configured to use deferredauth. Under certain...
ROS-2-448
2.448 Vulnerability in OpenVPN CVE-2020-11810 1. Vulnerability Description: A corrective release of the OpenVPN Virtual Private Networking Package 2.4.9 has been generated. The new version addresses a vulnerability CVE-2020-11810 that allows a client session to be transferred to a new IP address...
PT-2022-10663
Name of the Vulnerable Software and Affected Versions netfilter affected versions not specified Description A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. Recommendations At the moment,...
Design/Logic Flaw
In MB connect line mbDIALUP versions = 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service...
CVE-2021-33526 Privilege escalation in mbDIALUP <= 3.9R0.0
In MB connect line mbDIALUP versions = 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service...
CVE-2021-33526
CVE-2021-33526 affects MB connect line mbDIALUP versions
MB connect line mbDIALUP 输入验证错误漏洞
MB connect line mbDIALUP is an application from MB connect line. Developed by MB Connect Line GmbH for use by a Software Informer user. An input validation error vulnerability exists in MB connect line mbDIALUP, which originates in MB connect line mbDIALUP version = 3.9R0.0, and can be exploited ...
MB connect line mbDIALUP 安全漏洞
MB connect line mbDIALUP is an application from MB connect line. Developed by MB Connect Line GmbH for a Software Informer user. A security vulnerability exists in mbDIALUP, which originates in MB connect line mbDIALUP version = 3.9R0.0, and can be exploited by a low-privileged attacker to send a...