MidnightBSD

Advisories for proton

CVE-2006-3293 MEDIUM

parse_notice (TiCPU) in EnergyMech (emech) before 3.0.2 allows remote attackers to cause a denial of service (crash) via empty IRC CTCP NOTICE messages.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
proton energymech_irc_bot 2.8.1
proton energymech_irc_bot 2.8.5.1
proton energymech_irc_bot 3.0.1
proton energymech_irc_bot 2.8.2
proton energymech_irc_bot 2.8.4
proton energymech_irc_bot 2.9.4_dev
proton energymech_irc_bot 2.99.79
proton energymech_irc_bot 2.8.3
proton energymech_irc_bot 3.0
proton energymech_irc_bot 2.8
proton energymech_irc_bot 2.8.5
CVE-2022-50917

ProtonVPN 1.26.0 contains an unquoted service path vulnerability in its WireGuard service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path by placing malicious executables in specific file system locations to gain elevated privileges during service startup.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
disclosure@vulncheck.com 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

Products Affected

Vendor Product Version
proton protonvpn 1.26.0
CVE-2024-37391

ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss.

Products Affected

Vendor Product Version
proton protonvpn *