Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-29238 | 1 Expressvpn | 1 Expressvpn | 2022-07-22 | 5.0 MEDIUM | 7.5 HIGH |
| An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information when the server running as reverse proxy via specially crafted request. | |||||
| CVE-2018-15490 | 2 Expressvpn, Microsoft | 2 Expressvpn, Windows | 2019-01-30 | 6.6 MEDIUM | 7.1 HIGH |
| An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process (which runs as a service with SYSTEM privileges) listens on TCP port 2015, which is used as an RPC interface for communication with the client side of the ExpressVPN application. A JSON-RPC protocol over HTTP is used for communication. The JSON-RPC XVPN.GetPreference and XVPN.SetPreference methods are vulnerable to path traversal, and allow reading and writing files on the file system on behalf of the service. | |||||