CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34446
https://notcve.org/view.php?id=CVE-2024-34446
03 May 2024 — Mullvad VPN through 2024.1 on Android does not set a DNS server in the blocking state (after a hard failure to create a tunnel), and thus DNS traffic can leave the device. Data showing that the affected device was the origin of sensitive DNS requests may be observed and logged by operators of unintended DNS servers. Mullvad VPN hasta 2024.1 en Android no configura un servidor DNS en estado de bloqueo (después de un error grave al crear un túnel) y, por lo tanto, el tráfico DNS puede salir del dispositivo. L... • https://github.com/mullvad/mullvadvpn-app/blob/main/CHANGELOG.md • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50446
https://notcve.org/view.php?id=CVE-2023-50446
10 Dec 2023 — An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1. Insufficient permissions on a directory allow any local unprivileged user to escalate privileges to SYSTEM. Se descubrió un problema en la aplicación Mullvad VPN para Windows antes de 2023.6-beta1. Los permisos insuficientes en un directorio permiten que cualquier usuario local sin privilegios escale privilegios al SYSTEM. • https://github.com/mullvad/mullvadvpn-app/pull/5398 • CWE-732: Incorrect Permission Assignment for Critical Resource •