CVSS: 9.1EPSS: 1%CPEs: 85EXPL: 0CVE-2006-2229
https://notcve.org/view.php?id=CVE-2006-2229
05 May 2006 — OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service. • http://openvpn.net/man.html •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2006-1629
https://notcve.org/view.php?id=CVE-2006-1629
06 Apr 2006 — OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable. • http://openvpn.net/changelog.html •
CVSS: 7.5EPSS: 3%CPEs: 78EXPL: 0CVE-2005-3409
https://notcve.org/view.php?id=CVE-2005-3409
02 Nov 2005 — OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler. • http://openvpn.net/changelog.html •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2005-3393
https://notcve.org/view.php?id=CVE-2005-3393
01 Nov 2005 — Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option. • http://marc.info/?l=bugtraq&m=113081023121059&w=2 •
CVSS: 6.5EPSS: 1%CPEs: 74EXPL: 0CVE-2005-2532
https://notcve.org/view.php?id=CVE-2005-2532
24 Aug 2005 — OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted. • http://openvpn.net/changelog.html •
CVSS: 7.5EPSS: 1%CPEs: 74EXPL: 0CVE-2005-2531
https://notcve.org/view.php?id=CVE-2005-2531
24 Aug 2005 — OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts. • http://openvpn.net/changelog.html •
CVSS: 5.9EPSS: 1%CPEs: 74EXPL: 0CVE-2005-2534
https://notcve.org/view.php?id=CVE-2005-2534
24 Aug 2005 — Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate. • http://openvpn.net/changelog.html •
CVSS: 6.5EPSS: 0%CPEs: 74EXPL: 0CVE-2005-2533
https://notcve.org/view.php?id=CVE-2005-2533
24 Aug 2005 — OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (memory exhaustion) via a flood of packets with a large number of spoofed MAC addresses. • http://openvpn.net/changelog.html •