Openvpn Gui vulnerabilities

CVE-2024-27459 [HIGH] CWE-121 CVE-2024-27459: The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.

CVE-2023-7235 [HIGH] CWE-276 CVE-2023-7235: The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables.