CVE-2024-34446

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-923
View all →

Vulnerability Description

Mullvad VPN through 2024.1 on Android does not set a DNS server in the blocking state (after a hard failure to create a tunnel), and thus DNS traffic can leave the device. Data showing that the affected device was the origin of sensitive DNS requests may be observed and logged by operators of unintended DNS servers.

Related Vulnerabilities

CVE-2024-24974

HIGH
CVSS:7.5(High)

The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service...

CWE-9232024

CVE-2024-26013

HIGH
CVSS:7.5(High)

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through ...

CWE-9232024

CVE-2025-23178

HIGH
CVSS:7.6(High)

CWE-923: Improper Restriction of Communication Channel to Intended Endpoints

CWE-9232025

CVE-2023-28971

HIGH
CVSS:7.2(High)

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescaledb feature of Juniper Networks Paragon Active Assurance (PAA) (Formerly Netrounds) allows an attack...

CWE-9232023

CVE-2024-26131

HIGH
CVSS:7.8(High)

Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activi...

CWE-9232024