[SECURITY] Fedora 37 Update: netatalk-3.1.14-3.fc37

Netatalk is a freely-available Open Source AFP file server. A NIX/BSD system running Netatalk is capable of serving many Macintosh clients simultaneously as an AppleShare file server AFP...

HTTP File Server <2.3c - Remote Command Execution

HTTP File Server before 2.3c is susceptible to remote command execution. The findMacroMarker function in parserLib.pas allows an attacker to execute arbitrary programs via a %00 sequence in a search action. Therefore, an attacker can obtain sensitive information, modify data, and/or gain full...

CVE-2022-36974

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Web File...

CVE-2022-36974

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Web File...

Deserialization of untrusted data

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Web File...

CVE-2022-36974

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Web File...

CVE-2022-36974

Ivanti Avalanche 6.3.2.3490 is affected by a Web File Server deserialization vulnerability that leads to remote code execution with the service account. The issue stems from improper validation of untrusted data, allowing an attacker to bypass authentication and trigger code execution over the ne...

Ivanti Avalanche 代码问题漏洞

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A code issue vulnerability exists in Ivanti Avalanche version 6.3.2.3490, which stems from a lack of proper...

K95010211: Samba vulnerability CVE-2019-14907

Security Advisory Description All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" or above then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provid...

SUSE CVE-2022-22936

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A...

SUSE CVE-2022-43945

The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call RPC into a single array of pages. A client can force the send...

CVE-2023-25159 Nextcloud Server previews are accessible without a watermark

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and...

CVE-2023-25159

CVE-2023-25159 affects Nextcloud Server and related components. Technical details from PT Security show the issue resides in OCFilesNodeFolder::getFullPath(), where improper validation/normalization can allow crafted paths to escape a user’s space, potentially overwriting other users’ data. Affec...

servst 路径遍历漏洞

servst is a simple file server by the individual developer Andrey Polischuk. A security vulnerability exists in servst versions prior to 2.0.3, which stems from the mishandling of the filePath variable that allows an attacker to implement directory traversal...

serve-lite 路径遍历漏洞

serve-lite is a lightweight http server for static file-based web development. A security vulnerability exists in serve-lite that stems from a lack of input cleanup or other checks and protections and a directory traversal vulnerability...

Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities

Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems. The high-severity flaws, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in...

CVE-2022-46701

The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code. Details A Directory Traversal attack also known as path traversal aims to access files and...

Malicious Package

Overview aes44 is a malicious package. It leaks logins.json and key4.db Firefox logins and encryption data to a remote FTP server hosted on ftpupload.net. Remediation Avoid using all malicious instances of the aes44 package. Credit: Raul Onitza-Klugman from Snyk Research Team...

FreeBSD : krb5 -- Integer overflow vulnerabilities in PAC parsing (094e4a5b-6511-11ed-8c5e-206a8a720317)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 094e4a5b-6511-11ed-8c5e-206a8a720317 advisory. - The Kerberos libraries used by Samba provide a mechanism for authenticating a user or service by mean...