23 matches found
PT-2025-41361
Critical vulnerability alert - AWS Client VPN for macOS. Vuln info, including versions and reference links, at SecAlerts: CVE-2021-11462, CVSS 9.3 - https://t.co/8NvHlAebRR ciso cio cto vulnerabilities cybersecurity secalerts msp mssp CVE202511462 awsclient aws https://t.co/RVMw6YoXbF...
CVE-2025-11462 Local Privilege Escalation Vulnerability in AWS Client VPN macOS Client
Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2- 5.2.0 allows a local user to execute code with elevated privileges. Insufficient validation checks on the log destination directory during log rotation could allow a non-administrator user to create a...
EUVD-2025-22458
Malicious code in bioql PyPI...
EUVD-2024-28101
Malicious code in bioql PyPI...
EUVD-2024-28100
Malicious code in bioql PyPI...
CVE-2025-8069
During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x8664-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If...
Amazon AWS Client VPN Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Amazon AWS Client VPN. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-8069
During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x8664-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If...
CVE-2025-8069 Local Privilege Escalation Vulnerability in AWS Client VPN Windows Client
During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x8664-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If...
CVE-2025-8069
CVE-2025-8069 affects AWS Client VPN Windows client. The installation process reads an OpenSSL configuration file from an unprotected directory (C:\usr\local\windows-x86_64-openssl-localbuild\ssl), allowing a non-admin user to insert malicious config. If an admin starts the installer, that code c...
CVE-2025-8069 Local Privilege Escalation Vulnerability in AWS Client VPN Windows Client
During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x8664-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If...
PT-2025-30596 · Openssl +1 · Openssl +1
Name of the Vulnerable Software and Affected Versions: AWS Client VPN versions 4.1.0 through 5.2.1 Description: A high-severity vulnerability exists in AWS Client VPN for Windows that allows local privilege escalation. During the client installation process, the software references the directory...
CVE-2024-30165
Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than CVE-2024-30164...
CVE-2024-30164
Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS, and 3.12.1 on Linux. NOTE: although the macOS resolution is the same as for CVE-2024-30165, this...
CVE-2024-30164
Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS, and 3.12.1 on Linux. NOTE: although the macOS resolution is the same as for CVE-2024-30165, this...
CVE-2024-30165
Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than CVE-2024-30164...
CVE-2024-30165
Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than CVE-2024-30164...
CVE-2024-30165
Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than CVE-2024-30164...
CVE-2024-30164
Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS, and 3.12.1 on Linux. NOTE: although the macOS resolution is the same as for CVE-2024-30165, this...
CVE-2024-30164
Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS, and 3.12.1 on Linux. NOTE: although the macOS resolution is the same as for CVE-2024-30165, this...