Pritunl

pritunl

6 CVEs • 3 products

Products (3)

Click to collapse

Toggle

Pritunl Client Electron

pritunl-client-electron

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-25372 1Pritunl 1Pritunl Client Electron Nov 21, 2024 Feb 20, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.
CVE-2020-27519 1Pritunl 1Pritunl Client Electron Nov 21, 2024 Apr 30, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append alo...Show more Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM.Show less
CVE-2020-25989 1Pritunl 1Pritunl Client Electron Nov 21, 2024 Nov 19, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privil...Show more Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges.Show less
CVE-2020-25200 1Pritunl 1Pritunl Nov 21, 2024 Oct 1, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login att...Show more Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely. Note: This has been disputed by the vendor as not a vulnerability. They argue that this is an intended designShow less
CVE-2016-7064 1Pritunl 1Pritunl Client Nov 21, 2024 Jul 21, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage
CVE-2016-7063 1Pritunl 1Pritunl Client Nov 21, 2024 Jul 21, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation.