MidnightBSD

Advisories for privatetunnel

CVE-2014-5455 MEDIUM

Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-428,

Products Affected

Vendor Product Version
openvpn openvpn 2.1.28.0
privatetunnel privatetunnel 2.3.8
CVE-2017-7720 MEDIUM

Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
privatetunnel privatetunnel 2.8
privatetunnel privatetunnel 2.7