CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-25372
https://notcve.org/view.php?id=CVE-2022-25372
20 Feb 2022 — Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go. Pritunl Client versiones hasta 1.2.3019.52 en Windows permite una escalada de privilegios local, relacionada con una entrada ACL para CREATOR OWNER en platform_windows.go • https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27519
https://notcve.org/view.php?id=CVE-2020-27519
30 Apr 2021 — Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM. Pritunl Client versión v1.2.2550.20, contiene una vulnerabilidad de escalada de privilegios local en el componente pritunl-service. El vector de ataque es: configuración maliciosa de op... • https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25989
https://notcve.org/view.php?id=CVE-2020-25989
19 Nov 2020 — Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges. Una escalada de privilegios mediante una escritura de archivos arbitraria en pritunl electron client versiones 1.0.1116.6 hasta v1.2.2550.20. Una explotación con éxito del problema puede permitir a un atacante ejecutar código en el sistema afectado con privilegios root • https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7064
https://notcve.org/view.php?id=CVE-2016-7064
21 Jul 2020 — A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage Se encontró un fallo en pritunl-client versiones anteriores a 1.0.1116.6. Una falta de verificación de firma conlleva a un filtrado de información confidencial • https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-7063
https://notcve.org/view.php?id=CVE-2016-7063
21 Jul 2020 — A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation. Se encontró un fallo en pritunl-client versiones anteriores a 1.0.1116.6. La escritura arbitraria en una ruta especificada por el usuario puede conllevar a una escalada de privilegios • https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •