VYPR
Vendor

Tunnelblick

Products
1
CVEs
9
Across products
9
Status
Private

Products

1

Recent CVEs

9
  • CVE-2025-43711HigJul 5, 2025
    risk 0.53cvss 8.1epss 0.00

    Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute arbitrary code as root (upon the next boot) by dragging a crafted Tunnelblick.app file into /Applications.

  • CVE-2026-31893MedMay 5, 2026
    risk 0.29cvss 5.5epss 0.00

    Tunnelblick is an open source graphic user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user can read arbitrary root-owned files by exploiting a symlink following vulnerability in tunnelblick-helper, reachable through the world-accessible…

  • CVE-2012-3485Aug 26, 2012
    risk 0.03cvss epss 0.04

    Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call.

  • CVE-2012-3483Aug 26, 2012
    risk 0.03cvss epss 0.00

    Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file.

  • CVE-2012-4677Aug 26, 2012
    risk 0.00cvss epss 0.00

    Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value.

  • CVE-2012-4676Aug 26, 2012
    risk 0.00cvss epss 0.00

    The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485.

  • CVE-2012-3487Aug 26, 2012
    risk 0.00cvss epss 0.00

    Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process.

  • CVE-2012-3486Aug 26, 2012
    risk 0.00cvss epss 0.00

    Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event.

  • CVE-2012-3484Aug 26, 2012
    risk 0.00cvss epss 0.00

    Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access restrictions and gain privileges via a (1) user-mountable image or (2) network…