VYPR
Vendor: OpenVPN

Products: 5
CVEs: 72
Across products: 83
Status: Private


Recent CVEs

  • CVE-2017-12166 | Critical | Oct 4, 2017
    risk 0.64 | cvss 9.8 | epss 0.04

    OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.

  • CVE-2018-7544 | Critical | Mar 16, 2018
    risk 0.59 | cvss 9.1 | epss 0.02

    A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands,…

  • CVE-2025-10680 | High | Oct 24, 2025
    risk 0.57 | cvss 8.8 | epss 0.07

    OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use

  • CVE-2017-7478 | High | May 15, 2017
    risk 0.53 | cvss 7.5 | epss 0.14

    OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.

  • CVE-2026-9560 | High | May 26, 2026
    risk 0.51 | cvss 7.8 | epss 0.01

    Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel

  • CVE-2017-7508 | High | Jun 27, 2017
    risk 0.49 | cvss 7.5 | epss 0.05

    OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.

  • CVE-2017-7520 | High | Jun 27, 2017
    risk 0.48 | cvss 7.4 | epss 0.03

    OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.

  • CVE-2017-7522 | Medium | Jun 27, 2017
    risk 0.43 | cvss 6.5 | epss 0.06

    OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.

  • CVE-2025-50055 | Medium | Oct 27, 2025
    risk 0.42 | cvss 6.4 | epss 0.00

    Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter

  • CVE-2017-7479 | Medium | May 15, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to a reachable assertion when the packet-ID counter rolls over, resulting in Denial of Service of the server by an authenticated attacker.

  • CVE-2017-5868 | Medium | May 26, 2017
    risk 0.40 | cvss 6.1 | epss 0.05

    CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATH_INFO to…

  • CVE-2017-7521 | Medium | Jun 27, 2017
    risk 0.39 | cvss 5.9 | epss 0.04

    OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().

  • CVE-2016-6329 | Medium | Jan 31, 2017
    risk 0.39 | cvss 5.9 | epss 0.06

    OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.

  • CVE-2026-35058 | Medium | Jun 8, 2026
    risk 0.38 | cvss | epss 0.00

    Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet.

  • CVE-2026-2738 | Medium | Feb 19, 2026
    risk 0.36 | cvss | epss 0.00

    Buffer overflow in ovpn-dco-win version 2.8.0 allows local attackers to cause a system crash by sending too large packets to the remote peer when the AEAD tag appears at the end of the encrypted packet

  • CVE-2026-40215 | Medium | Jun 8, 2026
    risk 0.33 | cvss | epss 0.00

    A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion.

  • CVE-2014-5455 | Medium | Aug 25, 2014
    risk 0.31 | cvss 5.3 | epss 0.01

    Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.

  • CVE-2026-11604 | Medium | Jun 10, 2026
    risk 0.29 | cvss | epss 0.00

    An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win version 2.0.0 through 2.8.3 allows a remote authenticated peer to trigger a heap-based buffer overflow and kernel memory corruption via a crafted data packet, resulting in a system crash…

  • CVE-2025-15497 | Low | Jan 30, 2026
    risk 0.25 | cvss | epss 0.00

    Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an assert resulting in a denial of service

  • CVE-2024-1305 | Jul 8, 2024
    risk 0.01 | cvss | epss 0.15

    tap-windows6 driver version 9.26 and earlier does not properly check the size data of incoming write operations which an attacker can use to overflow memory buffers, resulting in a bug check and potentially arbitrary code execution in kernel space