CVE-2024-8474

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-212
View all →

Vulnerability Description

OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic

Related Vulnerabilities

CVE-2002-0704

HIGH
CVSS:7.5(High)

The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP error messages.

CWE-2122002

CVE-2018-6337

HIGH
CVSS:7.5(High)

folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM...

CWE-2122018

CVE-2019-20637

HIGH
CVSS:7.5(High)

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next req...

CWE-2122019

CVE-2020-1940

HIGH
CVSS:7.5(High)

The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates ...

CWE-2122020

CVE-2020-36476

HIGH
CVSS:7.5(High)

An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data ...

CWE-2122020

CVE-2021-31780

HIGH
CVSS:7.5(High)

In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event e...

CWE-2122021