OpenVPN — свободная реализация технологии виртуальной частной сети (VPN) с открытым исходным кодом для создания зашифрованных каналoв типа точка-точка или сервер-клиенты между компьютерами.
Релизный цикл, информация об уязвимостях
График релизов
Количество 188
CVE-2021-3606
OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe).
CVE-2021-3606
OpenVPN before version 2.5.3 on Windows allows local users to load arb ...
BDU:2021-03572
Уязвимость библиотеки OpenSSL программного обеспечения OpenVPN, позволяющая нарушителю выполнить произвольный код
CVE-2020-15078
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
CVE-2020-15078
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass ...
CVE-2020-15078
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
BDU:2021-02221
Уязвимость функции отложенной аутентификации deferred_auth программного обеспечения OpenVPN, позволяющая нарушителю вынудить сервер вернуть сообщение PUSH_REPLY c данными о настройках VPN до отправки сообщения AUTH_FAILED
CVE-2020-27569
Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system.
CVE-2020-11810
An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use.
CVE-2020-11810
An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2021-3606 OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe). | CVSS3: 7.8 | 0% Низкий | около 4 лет назад |
| CVE-2021-3606 OpenVPN before version 2.5.3 on Windows allows local users to load arb ... | CVSS3: 7.8 | 0% Низкий | около 4 лет назад |
 | BDU:2021-03572 Уязвимость библиотеки OpenSSL программного обеспечения OpenVPN, позволяющая нарушителю выполнить произвольный код | CVSS3: 7.8 | 0% Низкий | около 4 лет назад |
| CVE-2020-15078 OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. | CVSS3: 7.5 | 0% Низкий | больше 4 лет назад |
| CVE-2020-15078 OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass ... | CVSS3: 7.5 | 0% Низкий | больше 4 лет назад |
 | CVE-2020-15078 OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. | CVSS3: 7.5 | 0% Низкий | больше 4 лет назад |
| BDU:2021-02221 Уязвимость функции отложенной аутентификации deferred_auth программного обеспечения OpenVPN, позволяющая нарушителю вынудить сервер вернуть сообщение PUSH_REPLY c данными о настройках VPN до отправки сообщения AUTH_FAILED | CVSS3: 5.3 | 0% Низкий | больше 4 лет назад |
| CVE-2020-27569 Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system. | CVSS3: 7.5 | 0% Низкий | больше 4 лет назад |
| CVE-2020-11810 An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use. | CVSS3: 3.7 | 2% Низкий | больше 5 лет назад |
| CVE-2020-11810 An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can ... | CVSS3: 3.7 | 2% Низкий | больше 5 лет назад |
Уязвимостей на страницу