Skip to main content

Tunnelblick

7 CVEs product

Monthly

CVE-2012-4677 MEDIUM This Month

Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Tunnelblick
NVD
CVSS 2.0
4.4
EPSS
0.0%
CVE-2012-4676 LOW POC Monitor

The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability. Rated low severity (CVSS 1.2). Public exploit code available and no vendor patch available.

Information Disclosure Tunnelblick
NVD
CVSS 2.0
1.2
EPSS
0.0%
CVE-2012-3487 LOW Monitor

Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process. Rated low severity (CVSS 1.2). No vendor patch available.

Information Disclosure Race Condition Tunnelblick
NVD
CVSS 2.0
1.2
EPSS
0.0%
CVE-2012-3486 MEDIUM This Month

Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Tunnelblick
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2012-3485 HIGH POC THREAT Act Now

Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 27.8%.

Information Disclosure Tunnelblick
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
27.8%
CVE-2012-3484 HIGH This Week

Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Tunnelblick
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2012-3483 MEDIUM POC This Month

Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file. Rated medium severity (CVSS 6.2). Public exploit code available and no vendor patch available.

Information Disclosure Race Condition Tunnelblick
NVD Exploit-DB
CVSS 2.0
6.2
EPSS
0.6%
EPSS 0% CVSS 4.4
MEDIUM This Month

Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Tunnelblick
NVD
EPSS 0% CVSS 1.2
LOW POC Monitor

The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability. Rated low severity (CVSS 1.2). Public exploit code available and no vendor patch available.

Information Disclosure Tunnelblick
NVD
EPSS 0% CVSS 1.2
LOW Monitor

Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process. Rated low severity (CVSS 1.2). No vendor patch available.

Information Disclosure Race Condition Tunnelblick
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Tunnelblick
NVD
EPSS 28% CVSS 7.2
HIGH POC THREAT Act Now

Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 27.8%.

Information Disclosure Tunnelblick
NVD Exploit-DB
EPSS 0% CVSS 7.2
HIGH This Week

Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Tunnelblick
NVD
EPSS 1% CVSS 6.2
MEDIUM POC This Month

Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file. Rated medium severity (CVSS 6.2). Public exploit code available and no vendor patch available.

Information Disclosure Race Condition Tunnelblick
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy