| Max CVSS | 7.2 | Min CVSS | 1.2 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2012-3485 | 7.2 |
Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call.
|
13-12-2013 - 05:03 | 26-08-2012 - 19:55 | |
| CVE-2012-3486 | 6.9 |
Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event.
|
27-08-2012 - 04:00 | 26-08-2012 - 19:55 | |
| CVE-2012-3487 | 1.2 |
Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process.
|
27-08-2012 - 04:00 | 26-08-2012 - 19:55 | |
| CVE-2012-4676 | 1.2 |
The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485.
|
27-08-2012 - 04:00 | 26-08-2012 - 19:55 | |
| CVE-2012-3484 | 7.2 |
Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access restrictions and gain privileges via a (1) user-mounta
|
27-08-2012 - 04:00 | 26-08-2012 - 19:55 | |
| CVE-2012-3483 | 6.2 |
Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file.
|
27-08-2012 - 04:00 | 26-08-2012 - 19:55 |