Astra Linux - vulnerability in node-tar
The npm package “tar” also known as node-tar in versions prior to 4.4.16, 5.0.8, and 6.1.7 has vulnerabilities related to arbitrary file creation/overwriting and arbitrary code execution. node-tar aims to ensure that any file whose location would be modified by a symbolic link is not extracted...
EUVD-2026-25282
Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Mastodon allows restricting new user sign-up based on e-mail domain names, and performs basic validation on e-mail addresses, but fails to restrict characters that are interpreted...
PT-2026-34728
Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.5.9 Mastodon versions prior to 4.4.16 Mastodon versions prior to 4.3.22 Description Mastodon allows restricting new user sign-up based on e-mail domain names and performs basic validation on e-mail addresses, but i...
Mastodon security vulnerability
Mastodon is an open-source social networking server based on ActivityPub. Versions of Mastodon prior to 4.5.9, 4.4.16, and 4.3.22 contained security vulnerabilities due to a lack of mechanisms to prevent certain email servers from interpreting characters differently...
CVE-2024-21622
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensu...
CVE-2024-21622 Craft CMS Privilege Escalation
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensu...
PT-2024-18974 · Craft · Craft
Name of the Vulnerable Software and Affected Versions: Craft versions 3.x prior to 3.9.6 Craft versions 4.x prior to 4.4.16 Description: This is a potential moderate impact, low complexity privilege escalation issue in Craft with certain user permissions setups. The issue has been fixed in Craft...
CVE-2022-36197
BigTree CMS 4.4.16 contains an arbitrary file upload vulnerability that enables remote code execution via a crafted PDF file. The issue is described across sources as an arbitrary file upload vulnerability affecting BigTree CMS, with CVE-2022-36197 (NVD: CVSS v3.1 base score 5.4; AV:N/AC:L/PR:L/U...
Information disclosure
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of serv...
Samba Server 'SMB 1/2/3' MitM Vulnerability (CVE-2017-12150)
Samba is prone to a MitM vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:samba:samba"; ifdescription...
Samba Server 'SMB3' MitM Vulnerability (CVE-2017-12151)
Samba is prone to a MitM vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:samba:samba"; ifdescription...
Samba Server 'SMB1' Memory Information Leak Vulnerability (CVE-2017-12163)
Samba is prone to a memory information leak vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:samba:samba";...
SMB3 connections don't keep encryption across DFS redirects
Description: Client command line tools like 'smbclient' as well as applications using the 'libsmbclient' library have support for requiring encryption. This is activated by the '-e|--encrypt' command line option or the smbc_setOptionSmbEncryptionLevel library call. By default, only SMB1 is used in orde...