Openvpn : Security Vulnerabilities, CVEs, (Code Execution)
The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRON_RUN_AS_NODE environment variable
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-20
Updated
2024-02-20
OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-01-08
Updated
2024-01-11
OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.
Max CVSS
9.0
EPSS Score
0.61%
Published
2006-04-06
Updated
2020-05-12
Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option.
Max CVSS
7.5
EPSS Score
2.44%
Published
2005-11-01
Updated
2020-05-12
4 vulnerabilities found