CVE-2025-50055
OpenVPN Access Server 2.14.0–2.14.3 exposes an XSS vulnerability in the SAML Authentication module via the RelayState parameter. The issue allows an attacker-controlled RelayState to inject arbitrary script/HTML, potentially leading to client-side impact. The CVE description in official records n...
EUVD-2018-2148
Malware in sbrugna...
EUVD-2022-47147
Malicious code in bioql PyPI...
CVE-2023-33621
GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay...
OpenVPN Server versions 2.6.1 <= 2.6.13 DoS
OpenVPN from 2.6.1 through 2.6.13, set up with tls-crypt-v2, is affected by a denial of service vulnerability. A local attacker who can monitor network traffic can inject specially crafted packets during the tls-crypt-v2 handshake and corrupt the server.
openvpn -- server-side denial-of-service vulnerability with tls-crypt-v2
Gert Doering reports: OpenVPN servers between 2.6.1 and 2.6.13 using --tls-crypt-v2 can be made to abort with an ASSERT message by sending a particular combination of authenticated and malformed packets. To trigger the bug, a valid tls-crypt-v2 client key is needed, or network observation of a...
CVE-2024-39798
Multiple external config control vulnerabilities exist in the openvpn.cgi openvpnserversetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
WAVLINK AC3000 Security Vulnerability
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from an external configuration control vulnerability that originates from the openvpn.cgi openvpnserversetup function's openport parameter failing to correctly filter constructed command special characters,...
OpenVPN Server versions 2.6.0 <= 2.6.10 Session Extension Vulnerability
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients, which will extend the validity of a closing session.
GL.iNet GL-AR750S-Ext Security Vulnerability
The GL.iNet GL-AR750S-Ext is a wireless router from China's Guanglian Zhitong GL.iNet. A security vulnerability exists in the GL.iNet GL-AR750S-Ext version 3.215, which originates from the insertion of an administrator authentication token into a GET request when downloading the OpenVPN server...
CVE-2022-44199
Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpnserverip...
CVE-2022-44197
Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpnserverip...
NETGEAR R7000P Buffer Error Vulnerability
NETGEAR R7000P is a wireless router from NETGEAR, Inc. NETGEAR R7000P firmware version V1.3.1.64 is affected by a buffer overflow vulnerability caused by a lack of length validation of the data entered in the openvpnserverip parameter, which could be exploited by an attacker to cause a denial o...
PT-2022-5715 · NetGear · Netgear R7000P
Name of the Vulnerable Software and Affected Versions: Netgear R7000P version 1.3.1.64 Description: The issue is related to buffer overflow errors in the NETGEAR R7000P router's embedded software. Exploitation of this issue may allow a remote attacker to execute arbitrary code through the openvpn...
PT-2022-5717 · NetGear · Netgear R7000P
Name of the Vulnerable Software and Affected Versions: Netgear R7000P version 1.3.0.8 Description: The issue is related to a buffer overflow error in the Netgear R7000P router's software. This can be exploited by a remote attacker through the openvpn server ip parameter, potentially allowing the...
OpenVPN Monitor 1.1.3 Cross Site Request Forgery
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-011 CVE ID: CVE-2021-31604 Subject: Cross-Site Request Forgery (CSRF) Severity: Medium Effect: Denial of Service Author:...
Firewall and Privatizing Proxy: macOS Fortress
macOS-Fortress is a Firewall, Blackhole, and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers. It is Kernel-level, OS-level, and client-level security for macOS. Built to address a steady stream of attacks visible on snort and server logs, as well as to block ads, malicious...