Connect
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-31849 | Cri | 0.71 | 9.8 | 0.06 | Apr 5, 2024 | A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. | ||
| CVE-2026-22069 | Hig | 0.47 | 7.3 | 0.00 | May 19, 2026 | A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface. | ||
| CVE-2021-44470 | 0.00 | — | 0.00 | Aug 18, 2022 | Incorrect default permissions for the Intel(R) Connect M Android application before version 1.7.4 may allow an authenticated user to potentially enable information disclosure via local access. | |||
| CVE-2021-3613 | 0.00 | — | 0.01 | Jul 2, 2021 | OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe). | |||
| CVE-2020-15075 | 0.00 | — | 0.00 | Mar 30, 2021 | OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp. | |||
| CVE-2011-1506 | 0.00 | — | 0.02 | Mar 22, 2011 | The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in… |
- risk 0.71cvss 9.8epss 0.06
A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.
- risk 0.47cvss 7.3epss 0.00
A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface.
- CVE-2021-44470Aug 18, 2022risk 0.00cvss —epss 0.00
Incorrect default permissions for the Intel(R) Connect M Android application before version 1.7.4 may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2021-3613Jul 2, 2021risk 0.00cvss —epss 0.01
OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe).
- CVE-2020-15075Mar 30, 2021risk 0.00cvss —epss 0.00
OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.
- CVE-2011-1506Mar 22, 2011risk 0.00cvss —epss 0.02
The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in…