2376 matches found
CVE-2018-9105
CVE-2018-9105 affects NordVPN 3.3.10 for macOS. The root cause is an unprotected XPC service within the privileged helper tool that handles OpenVPN connection requests from the main app. A malicious or compromised non-privileged app can connect to this XPC service, inject a crafted message, and s...
OpenVPN Cross-Site Scripting Vulnerability
OpenVPN is a software package from the American company OpenVPN for creating encrypted tunnels for Virtual Private Networks VPNs, which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or...
CVE-2018-7544
A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive...
Input validation
DISPUTED A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensiti...
CVE-2018-7544
A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive...
DEBIAN-CVE-2018-7544
A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive...
CVE-2018-7544
A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive...
UBUNTU-CVE-2018-7544
A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive...
CVE-2018-7544
A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive...
CVE-2018-7544
Removed by vendor...
CVE-2018-7544
CVE-2018-7544 affects OpenVPN up to 2.4.5 where the management interface, if exposed over TCP without authentication and no clients connected, allows cross-protocol scripting via XMLHttpRequest to localhost:23000. An attacker can issue arbitrary management commands, exfiltrate data, or trigger a ...
CVE-2018-7544
A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive...
PT-2018-18148 · Openvpn +3 · Openvpn +3
Name of the Vulnerable Software and Affected Versions: OpenVPN versions through 2.4.5 Description: A cross-protocol scripting issue was discovered in the management interface of OpenVPN. When this interface is enabled over TCP without a password and no other clients are connected, attackers can...
PrivateVPN for macOS Privilege Permission and Access Control Vulnerability (CNVD-2018-04750)
PrivateVPN for macOS is a macOS-based VPN software for anonymous access to the Internet. A privilege permission and access control vulnerability exists in PrivateVPN for macOS-based platforms. An attacker can exploit the vulnerability by sending an XPC message to the XPC service with a...
CVE-2018-7716
PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the...
CVE-2018-7716
PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the...
Privilege escalation
PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the...
CVE-2018-7716
PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the...
CVE-2018-7716
PrivateVPN for macOS (v2.0.31) suffers a root privilege escalation via its com.privat.vpn.helper XPC service. The XPC interface accepts a config string that should reference an internal OpenVPN configuration, but an attacker can send a malicious XPC message directing the service to a config file ...
Unauthenticated OpenVPN Server Detection
The remote host is running an OpenVPN server. Based on its responses, the remote host appears to be in unauthenticated mode. This means that the tunnel is unencrypted and authentication is disabled. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...