23 matches found
CVE-2026-50206
Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...
EUVD-2020-24706
Malware in sbrugna...
EUVD-2021-6986
Malicious code in bioql PyPI...
EUVD-2022-42724
Malicious code in bioql PyPI...
EUVD-2021-3268
Malicious code in bioql PyPI...
CVE-2022-3337
It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/lock-warp-switch feature being enabled on Zero Trust Platform. This led to...
CVE-2019-9584
eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages...
CVE-2024-46594
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveVPNProfile parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...
PT-2024-9707 · Draytek · Draytek Vigor
Name of the Vulnerable Software and Affected Versions: DrayTek Vigor version 4.3.2.6 Description: The issue is related to a buffer overflow in the saveVPNProfile parameter at the "v2x00.cgi" API endpoint. This can be exploited by a remote attacker to cause a Denial of Service DoS via a crafted...
CVE-2022-3337
It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/lock-warp-switch feature being enabled on Zero Trust Platform. This led to...
Information disclosure
It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/lock-warp-switch feature being enabled on Zero Trust Platform. This led to...
CVE-2022-3337 Lock WARP switch bypass by removing VPN profile on iOS mobile client
It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/lock-warp-switch feature being enabled on Zero Trust Platform. This led to...
CVE-2022-3337 Lock WARP switch bypass by removing VPN profile on iOS mobile client
It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/lock-warp-switch feature being enabled on Zero Trust Platform. This led to...
CVE-2021-0649
In stopVpnProfile of Vpn.java, there is a possible VPN profile reset due to a permissions bypass. This could lead to local escalation of privilege CONTROLALWAYSONVPN with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
Design/Logic Flaw
In stopVpnProfile of Vpn.java, there is a possible VPN profile reset due to a permissions bypass. This could lead to local escalation of privilege CONTROLALWAYSONVPN with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2021-0649
In stopVpnProfile of Vpn.java, there is a possible VPN profile reset due to a permissions bypass. This could lead to local escalation of privilege CONTROLALWAYSONVPN with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
ASB-A-191382886
In stopVpnProfile of Vpn.java, there is a possible VPN profile reset due to a permissions bypass. This could lead to local escalation of privilege CONTROLALWAYSONVPN with no additional execution privileges needed. User interaction is not needed for exploitation...
The vulnerability of the process-interaction channel of the Cisco AnyConnect Secure Mobility Client cryptographic security device allows a intruder to modify VPN profile files.
The vulnerability of the process-interaction channel of the Cisco AnyConnect Secure Mobility Client cryptographic security device is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to modify VPN profile files by sending specially created IPC...
Cisco AnyConnect Secure Mobility Client Input Validation Error Vulnerability
Cisco AnyConnect Secure Mobility Client for Windows is a Windows-based secure mobility client from Cisco that provides secure access to networks and applications from any device. An input validation error vulnerability exists in the interprocess communication IPC channel of Cisco AnyConnect Secur...
CVE-2021-1519
A vulnerability in the interprocess communication IPC channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker...