The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRON_RUN_AS_NODE environment variable
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-20
Updated
2024-02-20
OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-01-08
Updated
2024-01-11
OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.
Max CVSS
9.0
EPSS Score
0.61%
Published
2006-04-06
Updated
2020-05-12
Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option.
Max CVSS
7.5
EPSS Score
2.44%
Published
2005-11-01
Updated
2020-05-12
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!