2382 matches found

Prion
added 2021/09/23 3:15 p.m., 13 views

Design/Logic Flaw

OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL...

4.3 CVSS, 6.3 AI score, 0.00722 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2021/09/23 2:53 p.m., 16 views

CVE-2021-3824

OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL...

6.5 AI score, 0.00722 EPSS
Exploits 0, References 1

CVE
added 2021/09/23 2:53 p.m., 59 views

CVE-2021-3824

OpenVPN Access Server 2.9.0–2.9.4 is affected by a cross‑site scripting (XSS) vulnerability in the web login page URL, allowing remote attackers to inject arbitrary web script/HTML. Root cause: improper handling of characters in the login page URL. Impact: potential execution of malicious script ...

6.1 CVSS, 6.3 AI score, 0.00722 EPSS
Exploits 0, References 1, Affected Software 1

CNNVD
added 2021/09/23 12:0 a.m., 4 views

Openvpn OpenVPN Cross-Site Scripting Vulnerability

Openvpn OpenVPN is a software package from OpenVPN Openvpn Inc. that creates encrypted virtual private network VPN tunnels that use the OpenSSL library to encrypt data and control information and allow the created VPN to be authenticated using a public key, an electronic certificate, or a...

6.1 CVSS, 6 AI score, 0.00722 EPSS
Exploits 0, References 1

RedhatCVE
added 2021/09/16 3:7 p.m., 96 views

CVE-2021-3773

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security...

9.8 CVSS, 1.8 AI score, 0.05322 EPSS
Exploits 1, References 3

BDU FSTEC
added 2021/09/10 12:0 a.m., 5 views

The vulnerability of the OpenVPN Connect software lies in its shortcomings regarding system library calls. This allows a hacker to execute arbitrary code with the same level of privileges as the main OpenVPN process.

The vulnerability of the OpenVPN Connect software is related to deficiencies in the mechanism for calling system libraries. Exploiting this vulnerability allows an attacker to execute arbitrary code with the same level of privileges as the main OpenVPN process, using the OpenSSL configuration fil...

7.8 CVSS, 7.6 AI score, 0.00568 EPSS
Exploits 0, References 3, Affected Software 1

Tenable Nessus
added 2021/09/09 12:0 a.m., 32 views

Amazon Linux AMI : openvpn (ALAS-2021-1531)

The version of openvpn installed on the remote host is prior to 2.4.11-1.48. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1531 advisory. OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers...

7.5 CVSS, 7.3 AI score, 0.05107 EPSS
Exploits 0, References 3

Redos
added 2021/09/08 12:0 a.m., 27 views

ROS-2-641

2.641 Vulnerability in OpenVPN CVE-2020-11810 1. Vulnerability description: A corrective release of the OpenVPN 2.4.9 virtual private networking package has been generated. The new version addresses a vulnerability CVE-2020-11810 that allows a client session to be transferred to a new IP address...

4.3 CVSS, 4.6 AI score, 0.01609 EPSS
Exploits 1

Redos
added 2021/09/08 12:0 a.m., 15 views

ROS-2-1175

2.1175 Vulnerability in OpenVPN CVE-2020-11810 1. Vulnerability description: A corrective release of the OpenVPN 2.4.9 virtual private networking package has been generated. The new version addresses a vulnerability CVE-2020-11810 that allows a client session to be transferred to a new IP address...

3.7 CVSS, 6.9 AI score, 0.01609 EPSS
Exploits 1

Redos
added 2021/09/08 12:0 a.m., 20 views

ROS-2-1234

2.1234 OpenVPN Authentication Bypass CVE-2020-15078 1. Vulnerability Description: The vulnerability allows a remote attacker to bypass authentication and access restrictions to leak VPN configuration data. The issue only occurs on servers that are configured to use deferredauth. Under certain...

7.5 CVSS, 7.7 AI score, 0.05107 EPSS
Exploits 0

Amazon
added 2021/09/08 12:0 a.m., 35 views

Important: openvpn

Issue Overview: OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. CVE-2020-15078 Affected Packages: openvpn...

7.5 CVSS, 7.7 AI score, 0.05107 EPSS
Exploits 0

Redos
added 2021/09/08 12:0 a.m., 37 views

ROS-2-459

2.459 OpenVPN Authentication Bypass CVE-2020-15078 1. Vulnerability Description: The vulnerability allows a remote attacker to bypass authentication and access restrictions to leak VPN configuration data. The issue only occurs on servers that are configured to use deferredauth. Under certain...

8.1 CVSS, 7.3 AI score, 0.06305 EPSS
Exploits 1

Redos
added 2021/09/08 12:0 a.m., 22 views

ROS-2-1186

2.1186 OpenVPN Authentication Bypass CVE-2020-15078 1. Vulnerability Description: The vulnerability allows a remote attacker to bypass authentication and access restrictions to leak VPN configuration data. The issue only occurs on servers that are configured to use deferredauth. Under certain...

8.8 CVSS, 7.3 AI score, 0.05107 EPSS
Exploits 2

Redos
added 2021/09/08 12:0 a.m., 31 views

ROS-2-448

2.448 Vulnerability in OpenVPN CVE-2020-11810 1. Vulnerability Description: A corrective release of the OpenVPN Virtual Private Networking Package 2.4.9 has been generated. The new version addresses a vulnerability CVE-2020-11810 that allows a client session to be transferred to a new IP address...

6.9 AI score, 0.01609 EPSS
Exploits 1

Positive Technologies
added 2021/09/08 12:0 a.m., 10 views

PT-2022-10663

Name of the Vulnerable Software and Affected Versions: netfilter (affected versions not specified). Description: A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. Recommendations: At the moment,...

9.8 CVSS, 8.3 AI score, 0.06902 EPSS
Exploits 12, References 116

Prion
added 2021/08/02 11:15 a.m., 25 views

Design/Logic Flaw

In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicious OpenVPN configuration resulting in arbitrary code execution with the privileges of the service...

7.2 CVSS, 7.9 AI score, 0.00253 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2021/08/02 10:24 a.m., 25 views

CVE-2021-33526 Privilege escalation in mbDIALUP <= 3.9R0.0

In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicious OpenVPN configuration resulting in arbitrary code execution with the privileges of the service...

7.8 CVSS, 8.1 AI score, 0.00253 EPSS
Exploits 0, References 1

CVE
added 2021/08/02 10:24 a.m., 97 views

CVE-2021-33526

CVE-2021-33526 affects MB connect line mbDIALUP versions

7.8 CVSS, 7.9 AI score, 0.00253 EPSS
Exploits 0, References 1, Affected Software 1

CNNVD
added 2021/08/02 12:0 a.m., 4 views

MB connect line mbDIALUP Input Validation Error Vulnerability

MB connect line mbDIALUP is an application from MB connect line. Developed by MB Connect Line GmbH for use by a Software Informer user. An input validation error vulnerability exists in MB connect line mbDIALUP, which originates in MB connect line mbDIALUP version = 3.9R0.0, and can be exploited ...

10 CVSS, 8.7 AI score, 0.04524 EPSS
Exploits 0, References 1

CNNVD
added 2021/08/02 12:0 a.m., 4 views

MB connect line mbDIALUP Security Vulnerability

MB connect line mbDIALUP is an application from MB connect line. Developed by MB Connect Line GmbH for a Software Informer user. A security vulnerability exists in mbDIALUP, which originates in MB connect line mbDIALUP version = 3.9R0.0, and can be exploited by a low-privileged attacker to send a...

7.8 CVSS, 7.8 AI score, 0.00253 EPSS
Exploits 0, References 1