VYPR

VPN Client

by Shrew

CVEs (13)

  • CVE-2025-26169 · High · May 7, 2025
    risk 0.53 · cvss 8.1 · epss 0.00

    IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalation to SYSTEM because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configuration file, in a world-writable…

  • CVE-2025-26168 · High · May 7, 2025
    risk 0.53 · cvss 8.1 · epss 0.00

    IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege Escalation to root because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configuration file, in a…

  • CVE-2019-25283 · High · Feb 5, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can place malicious executables in the unquoted service path to gain elevated access during service startup or…

  • CVE-2025-11462 · High · Oct 7, 2025
    risk 0.51 · cvss 7.8 · epss 0.00

    Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2-5.2.0 allows a local user to execute code with elevated privileges. Insufficient validation checks on the log destination directory during log rotation could allow a non-administrator…

  • CVE-2025-40710 · Low · Jun 30, 2025
    risk 0.15 · cvss n/a · epss 0.00

    Host Header Injection (HHI) vulnerability in the Hotspot Shield VPN client, which can induce unexpected behaviour when accessing third-party web applications through the VPN tunnel. Although such applications do not present this vulnerability per se, the use of the tunnel,…

  • CVE-2021-31776 · Apr 29, 2021
    risk 0.00 · cvss n/a · epss 0.00

    Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.

  • CVE-2020-27569 · Apr 21, 2021
    risk 0.00 · cvss n/a · epss 0.01

    Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system.

  • CVE-2020-13417 · May 22, 2020
    risk 0.00 · cvss n/a · epss 0.02

    An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters.

  • CVE-2019-17387 · Dec 5, 2019
    risk 0.00 · cvss n/a · epss 0.01

    An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client through 2.2.10 allows an attacker to gain elevated privileges through arbitrary code execution on Windows, Linux, and macOS.

  • CVE-2019-12578 · Jul 11, 2019
    risk 0.00 · cvss n/a · epss 0.01

    A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The openvpn_launcher.64 binary is setuid root. This binary executes…

  • CVE-2019-6724 · Mar 18, 2019
    risk 0.00 · cvss n/a · epss 0.01

    The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root.

  • CVE-2010-3361 · Oct 20, 2010
    risk 0.00 · cvss n/a · epss 0.00

    The (1) iked, (2) ikea, and (3) ikec scripts in Shrew Soft IKE 2.1.5 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

  • CVE-2002-2225 · Dec 31, 2002
    risk 0.00 · cvss n/a · epss 0.03

    SafeNet VPN client allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly involving buffer overflows using (1) a large Security Parameter Index (SPI) field, (2) a large number of…