
CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 2

24 Sep 2021 — furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client. OpenVPN Monitor versions 1.1.3 and below suffer from a cross-site request forgery vulnerability that allows an attacker to disconnect arbitrary VPN clients. • https://packetstorm.news/files/id/164281 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.8 | EPSS: 3% | CPEs: 1 | EXPL: 1

24 Sep 2021 — furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM. OpenVPN Monitor versions 1.1.3 and below suffer from an injection vulnerability that allows an attacker to inject arbitrary commands in... • https://packetstorm.news/files/id/164278 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.5 | EPSS: 1% | CPEs: 1 | EXPL: 1

24 Sep 2021 — furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to disconnect arbitrary clients. OpenVPN Monitor versions 1.1.3 and below suffer from an authorization bypass vulnerability that allows an attacker to disconnect arbitrary clients, even if the disconnect feature is disabled. • https://packetstorm.news/files/id/164274 • CWE-287: Improper Authentication