ExpressVPN Bug Leaked DNS Requests for Windows Users

By Waqas Patch Your VPN! ExpressVPN Bug Leaks DNS Requests for Windows Users with Split Tunneling! This is a post from HackRead.com Read the original post: ExpressVPN Bug Leaked DNS Requests for Windows Users...

CVE-2024-25728

ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers, which may allow remote attackers to obtain sensitive information about...

CVE-2024-25728

ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers, which may allow remote attackers to obtain sensitive information about...

Code injection

ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers, which may allow remote attackers to obtain sensitive information about...

PT-2024-2361 · Expressvpn · Expressvpn

Name of the Vulnerable Software and Affected Versions: ExpressVPN versions prior to 12.73.0 on Windows Description: The issue is related to the split tunneling feature in ExpressVPN, which sends DNS requests according to the Windows configuration instead of using the ExpressVPN DNS servers. This...

CVE-2024-25728

ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers, which may allow remote attackers to obtain sensitive information about...

CVE-2024-25728

ExpressVPN has a DNS leakage issue on Windows for versions prior to 12.73.0 when split tunneling is enabled. The VPN forwards DNS requests according to Windows’ configuration (e.g., to ISP DNS servers) rather than to ExpressVPN’s DNS servers, which may allow remote attackers to infer websites vis...

CVE-2024-25728

ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers, which may allow remote attackers to obtain sensitive information about...

CVE-2024-0684

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the linebytessplit function, potentially leading to an application crash and denial of service...

ALPINE-CVE-2024-0684

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the linebytessplit function, potentially leading to an application crash and denial of service...

DEBIAN-CVE-2024-0684

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the linebytessplit function, potentially leading to an application crash and denial of service...

CVE-2024-0684

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the linebytessplit function, potentially leading to an application crash and denial of service...

AZL-34629 CVE-2024-0684 affecting package coreutils for versions less than 9.4-5

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the linebytessplit function, potentially leading to an application crash and denial of service...

UBUNTU-CVE-2024-0684

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the linebytessplit function, potentially leading to an application crash and denial of service...

CVE-2024-0684

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the linebytessplit function, potentially leading to an application crash and denial of service...

CVE-2024-0684 Coreutils: heap overflow in split --line-bytes with very long lines

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the linebytessplit function, potentially leading to an application crash and denial of service...

CVE-2024-0684

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the linebytessplit function, potentially leading to an application crash and denial of service...

CVE-2024-0684

CVE-2024-0684 affects GNU coreutils split. A heap overflow in line_bytes_split() can be triggered by user-controlled data of hundreds of bytes, potentially causing an application crash and denial of service. Affected: coreutils split in vulnerable versions prior to fixed release. Public details i...

CVE-2024-0684 Coreutils: heap overflow in split --line-bytes with very long lines

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the linebytessplit function, potentially leading to an application crash and denial of service...

Chain Split

github.com/ethereum/go-ethereum is vulnerable to Memory-Corruption. The vulnerability is due to mishandled memory copies during certain operations, like CALL-variants, leading to data corruption resulting in a consensus error and possible chain split...