VYPR

Connect

by Kerio Technologies

CVEs (6)

  • CVE-2024-31849CriApr 5, 2024
    risk 0.71cvss 9.8epss 0.06

    A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.

  • CVE-2026-22069HigMay 19, 2026
    risk 0.47cvss 7.3epss 0.00

    A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface.

  • CVE-2021-44470Aug 18, 2022
    risk 0.00cvss epss 0.00

    Incorrect default permissions for the Intel(R) Connect M Android application before version 1.7.4 may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2021-3613Jul 2, 2021
    risk 0.00cvss epss 0.01

    OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe).

  • CVE-2020-15075Mar 30, 2021
    risk 0.00cvss epss 0.00

    OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.

  • CVE-2011-1506Mar 22, 2011
    risk 0.00cvss epss 0.02

    The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in…