CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2019-12572
https://notcve.org/view.php?id=CVE-2019-12572
21 Jun 2019 — A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. On startup, the PIA Windows service (pia-service.exe) loads the OpenSSL library from %PROGRAMFILES%\Private Internet Access\libeay32.dll. This library attempts to load the C:\etc\ssl\openssl.cnf configuration file which does not exist. By default on Windows systems, authenticated users can create direct... • https://blog.mirch.io/2019/06/10/cve-2019-12572-pia-windows-privilege-escalation-malicious-openssl-engine • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2017-15882 – Android Private Internet Access Denial of Service
https://notcve.org/view.php?id=CVE-2017-15882
26 Oct 2017 — The London Trust Media Private Internet Access (PIA) application before 1.3.3.1 for Android allows remote attackers to cause a denial of service (application crash) via a large VPN server-list file. La aplicación London Trust Media Private Internet Access (PIA), en versiones anteriores a la 1.3.3.1 para Android permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) mediante un archivo de lista de servidores VPN de gran tamaño. • https://packetstorm.news/files/id/144777 • CWE-400: Uncontrolled Resource Consumption •