Vpn@* Security Vulnerabilities and Issues — Vpn@* CVE List

Lucene search

SoftetherVpn*

10 matches found

CVE•added 2023/10/12 4:15 p.m.•61 views

CVE-2023-27395

A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerab...

9CVSS8.3AI score0.00562EPSS

CVE•added 2023/10/12 4:15 p.m.•56 views

CVE-2023-32275

An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability.

5.5CVSS5.1AI score0.00055EPSS

CVE•added 2023/10/12 4:15 p.m.•51 views

CVE-2023-25774

A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.

7.5CVSS7.5AI score0.00069EPSS

CVE•added 2023/10/12 4:15 p.m.•49 views

CVE-2023-27516

An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability.

7.8CVSS7.8AI score0.0005EPSS

CVE•added 2023/10/12 4:15 p.m.•44 views

CVE-2023-22325

A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

5.9CVSS6.1AI score0.00315EPSS

CVE•added 2023/10/12 4:15 p.m.•43 views

CVE-2023-31192

An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

5.3CVSS5.5AI score0.00362EPSS

CVE•added 2024/06/26 7:15 p.m.•43 views

CVE-2024-38520

SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response pac...

5.3CVSS5.2AI score0.00211EPSS

CVE•added 2023/10/12 4:15 p.m.•33 views

CVE-2023-32634

An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability.

7.8CVSS7.5AI score0.00013EPSS

CVE•added 2023/10/12 4:15 p.m.•28 views

CVE-2023-23581

A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service.

7.5CVSS7.5AI score0.00068EPSS

CVE•added 2023/10/12 4:15 p.m.•27 views

CVE-2023-22308

An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.

7.5CVSS7.5AI score0.0009EPSS