Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

tunnelblick

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

7
Related CVEsRelated VendorsRelated AssignersReports
7Vulnerabilities found
CVE-2012-3483
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.24% / 46.25%
||
7 Day CHG~0.00%
Published-26 Aug, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file.

Action-Not Available
Vendor-n/aGoogle LLC
Product-tunnelblickn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2012-3484
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.03% / 5.19%
||
7 Day CHG~0.00%
Published-26 Aug, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access restrictions and gain privileges via a (1) user-mountable image or (2) network share.

Action-Not Available
Vendor-n/aGoogle LLC
Product-tunnelblickn/a
CVE-2012-3485
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-25.87% / 96.06%
||
7 Day CHG~0.00%
Published-26 Aug, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call.

Action-Not Available
Vendor-n/aGoogle LLC
Product-tunnelblickn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-3486
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.76%
||
7 Day CHG~0.00%
Published-26 Aug, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event.

Action-Not Available
Vendor-n/aGoogle LLC
Product-tunnelblickn/a
CVE-2012-3487
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-1.2||LOW
EPSS-0.02% / 4.37%
||
7 Day CHG~0.00%
Published-26 Aug, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process.

Action-Not Available
Vendor-n/aGoogle LLC
Product-tunnelblickn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2012-4676
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-1.2||LOW
EPSS-0.04% / 8.75%
||
7 Day CHG~0.00%
Published-26 Aug, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485.

Action-Not Available
Vendor-n/aGoogle LLC
Product-tunnelblickn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2012-4677
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 2.53%
||
7 Day CHG~0.00%
Published-26 Aug, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value.

Action-Not Available
Vendor-n/aGoogle LLC
Product-tunnelblickn/a