2376 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-3908
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory whi...
Linux Distros Unpatched Vulnerability : CVE-2021-3773
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks...
Advisory ROSA-SA-2025-2939
Software: openvpn 2.5.8 OS: ROSA-CHROME unaffected versions = openvpn-2.5.8-2 affected versions openvpn-2.5.8-2 CVE-ID: CVE-2024-4877 BDU-ID: 2025-03850 CVE-Crit: MEDIUM CVE-DESC.: An Interactive Service iservice vulnerability in the OpenVPN GUI client of the OpenVPN software is related to access...
CVE-2025-6776
A vulnerability classified as critical was found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This vulnerability affects the function Upload of the file app/plugins/oss/app/controller.py of the component File Upload. The manipulation of the argument image leads to path traversal. The attack can b...
CVE-2025-6776 xiaoyunjie openvpn-cms-flask File Upload controller.py upload path traversal
A vulnerability classified as critical was found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This vulnerability affects the function Upload of the file app/plugins/oss/app/controller.py of the component File Upload. The manipulation of the argument image leads to path traversal. The attack can b...
CVE-2025-6775 xiaoyunjie openvpn-cms-flask User Creation Endpoint openvpn.py create_user command injection
A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function createuser of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible ...
CVE-2025-6775 xiaoyunjie openvpn-cms-flask User Creation Endpoint openvpn.py create_user command injection
A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function createuser of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible ...
openvpn-cms-flask 注入漏洞
openvpn-cms-flask is a web management system based on openvpn by xiaoyunjie individual developer in China. An injection vulnerability exists in openvpn-cms-flask 1.2.7 and earlier versions, which originates from a command injection due to the incorrect operation of the parameter Username in the...
openvpn-cms-flask 路径遍历漏洞
openvpn-cms-flask is a web management system based on openvpn by xiaoyunjie individual developer in China. A path traversal vulnerability exists in openvpn-cms-flask 1.2.7 and earlier versions, which is caused by a path traversal error in the parameter image in the file...
PT-2025-27255
Name of the Vulnerable Software and Affected Versions: xiaoyunjie openvpn-cms-flask versions 1.2.7 and earlier Description: A critical issue has been found in the User Creation Endpoint component, specifically affecting the create user function in the /app/api/v1/openvpn.py file. The manipulation...
PT-2025-27256
Name of the Vulnerable Software and Affected Versions: xiaoyunjie openvpn-cms-flask versions 1.2.7 and earlier Description: A critical issue was found in the File Upload component, specifically affecting the Upload function of the app/plugins/oss/app/controller.py file. The manipulation of the...
The vulnerability of the ovpn-dco-win software driver allows a hacker to trigger a service failure.
The vulnerability of the ovpn-dco-win software driver relates to operations that occur outside the buffer in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...
OpenVPN Buffer Overflow Vulnerability (Jun 2025) - Windows
OpenVPN is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openvpn:openvpn";...
CVE-2025-50054
Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allows a local user process to send a too large control message buffer to the kernel driver resulting in a system crash...
CVE-2025-50054
Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allows a local user process to send a too large control message buffer to the kernel driver resulting in a system crash...
CVE-2025-50054
Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allows a local user process to send a too large control message buffer to the kernel driver resulting in a system crash...
CVE-2025-50054
Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allows a local user process to send a too large control message buffer to the kernel driver resulting in a system crash...
CVE-2025-50054
Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allows a local user process to send a too large control message buffer to the kernel driver resulting in a system crash...
CVE-2025-50054
CVE-2025-50054 affects OpenVPN ovpn-dco-win, specifically versions 1.3.0 and earlier and 2.5.8 and earlier. The vulnerability is a kernel-driver buffer overflow that lets a local user send an oversized control message to the driver, potentially causing a system crash (local, high impact on availa...
OpenVPN ovpn-dco-win 安全漏洞
OpenVPN ovpn-dco-win is a virtual network adapter on Windows from OpenVPN. A security vulnerability exists in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier, which stems from a kernel driver buffer overflow that could cause a system crash...