Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:safervpn:safervpn:4.2.5:*:*:*:*:windows:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-25744 |
SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%\SaferVPN\Log is followed. Published: September 17, 2020; 10:15:12 PM -0400 |
V3.1: 8.1 HIGH V2.0: 5.5 MEDIUM |
CVE-2018-10647 |
SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "SaferVPN.Service" service. The "SaferVPN.Service" service executes "openvpn.exe" using OpenVPN config files located within the current user's %LOCALAPPDATA%\SaferVPN\OvpnConfig directory. An authenticated attacker may modify these configuration files to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. Published: May 02, 2018; 3:29:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |