Show filters
31 Total Results
Displaying 1-10 of 31
Sort by:
Attacker Value
Unknown

CVE-2024-4944

Disclosure Date: July 09, 2024 (last updated August 23, 2024)
A local privilege escalation vlnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileged.
Attacker Value
Unknown

CVE-2024-3661

Disclosure Date: May 06, 2024 (last updated January 16, 2025)
DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
Attacker Value
Unknown

CVE-2023-5593

Disclosure Date: November 20, 2023 (last updated January 04, 2025)
The out-of-bounds write vulnerability in the Windows-based SecuExtender SSL VPN Client software version 4.0.4.0 could allow an authenticated local user to gain a privilege escalation by sending a crafted CREATE message.
Attacker Value
Unknown

CVE-2023-5748

Disclosure Date: November 07, 2023 (last updated November 15, 2023)
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors.
Attacker Value
Unknown

CVE-2022-46783

Disclosure Date: August 28, 2023 (last updated October 08, 2023)
An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address book.
Attacker Value
Unknown

CVE-2021-27932

Disclosure Date: August 25, 2023 (last updated October 08, 2023)
Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions.
Attacker Value
Unknown

CVE-2022-46782

Disclosure Date: August 05, 2023 (last updated October 08, 2023)
An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine.
Attacker Value
Unknown

CVE-2022-35416

Disclosure Date: July 11, 2022 (last updated October 07, 2023)
H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS.
Attacker Value
Unknown

CVE-2021-36809

Disclosure Date: March 08, 2022 (last updated October 07, 2023)
A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client.
Attacker Value
Unknown

CVE-2018-13283

Disclosure Date: April 01, 2019 (last updated November 27, 2024)
Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter.
0