
120 matches found

OSV
added 2024/11/14 8:15 p.m. · 12 views

CVE-2024-10396

An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to...

CVSS 6.5 · AI score 5.8
Exploits: 0 · References: 3

Vulnrichment
added 2024/11/14 7:30 p.m. · 12 views

CVE-2024-10396 Fileserver crash and possible information leak on StoreACL/FetchACL

An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to...

CVSS 6.5 · AI score 6 · EPSS 0.00185
Exploits: 0 · References: 2

CVE
added 2024/11/14 7:30 p.m. · 62 views

CVE-2024-10396

CVE-2024-10396 affects the OpenAFS fileserver. A malformed ACL provided to the StoreACL RPC can crash the fileserver and may expose uninitialized memory or store garbage data in the audit log; malformed ACLs in FetchACL RPC responses can crash client processes and leak memory into other ACLs on t...

CVSS 6.5 · AI score 6 · EPSS 0.00185
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2024/11/14 7:30 p.m. · 15 views

CVE-2024-10396 Fileserver crash and possible information leak on StoreACL/FetchACL

An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to...

CVSS 6.5 · EPSS 0.00185
Exploits: 0 · References: 2

Debian CVE
added 2024/11/14 7:30 p.m. · 8 views

CVE-2024-10396

An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to...

CVSS 6.5 · AI score 5.4 · EPSS 0.00185
Exploits: 0

Positive Technologies
added 2024/11/14 12:0 a.m. · 2 views

PT-2024-16243 · Debian · Debian

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memor...

CVSS 8.4 · AI score 5.5 · EPSS 0.00243
Exploits: 0 · References: 24

Vulnrichment
added 2024/05/21 3:3 p.m. · 23 views

CVE-2021-47366 afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server

In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server. AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read...

AI score 6.8 · EPSS 0.00014
Exploits: 0 · References: 2

NVD
added 2024/02/06 3:15 p.m. · 15 views

CVE-2024-24592

Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files...

CVSS 9.8 · AI score 9.6 · EPSS 0.00887
Exploits: 1 · References: 1

Prion
added 2024/02/06 3:15 p.m. · 13 views

Authentication flaw

Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files...

CVSS 7.5 · AI score 7.4 · EPSS 0.00887
Exploits: 1 · References: 1

Cvelist
added 2024/02/06 2:41 p.m. · 10 views

CVE-2024-24592

Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files...

CVSS 9.8 · AI score 9.7 · EPSS 0.00887
Exploits: 1 · References: 1

Vulnrichment
added 2024/02/06 2:41 p.m. · 7 views

CVE-2024-24592

Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files...

CVSS 9.8 · AI score 7.1 · EPSS 0.00887
Exploits: 1 · References: 1

CVE
added 2024/02/06 2:41 p.m. · 61 views

CVE-2024-24592

The connected Nessus entry ties CVE-2024-24592 to ClearML’s fileserver, indicating an unauthenticated file access flaw in ClearML

CVSS 9.8 · AI score 9.4 · EPSS 0.00887
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/02/06 12:0 a.m. · 3 views

PT-2024-20474 · Allegro Ai · Clearml

Name of the Vulnerable Software and Affected Versions: Allegro AI's ClearML platform, affected versions not specified. Description: The issue is related to a lack of authentication in the fileserver component, allowing a remote attacker to access, create, modify, and delete files without proper...

CVSS 9.8 · AI score 9.2 · EPSS 0.00887
Exploits: 1 · References: 6

VulnCheck KEV
added 2024/01/22 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2024-0352

A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to...

CVSS 9.8 · AI score 6.8 · EPSS 0.91891
Exploits: 1 · References: 1

Prion
added 2024/01/09 11:15 p.m. · 15 views

Out-of-bounds

A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to...

CVSS 7.5 · AI score 7.3 · EPSS 0.91891
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2024/01/09 11:0 p.m. · 18 views

CVE-2024-0352 Likeshop HTTP POST Request File.php userFormImage unrestricted upload

A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to...

CVSS 7.5 · AI score 9.8 · EPSS 0.91891
Exploits: 1 · References: 3

SUSE CVE
added 2023/02/15 6:9 a.m. · 2 views

SUSE CVE-2007-6599

Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list...

CVSS 4.3 · AI score 6.8 · EPSS 0.01514
Exploits: 1 · References: 4

SUSE CVE
added 2023/02/15 4:55 a.m. · 1 views

SUSE CVE-2016-9772

OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses...

CVSS 5.3 · AI score 6.7 · EPSS 0.00264
Exploits: 0 · References: 3

Samba
added 2022/10/25 12:0 a.m. · 45 views

Buffer overflow in Heimdal unwrap_des3()

Description: The DES (for Samba 4.11 and earlier) and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc allocated memory when presented with a maliciously small packet. Examples of where Samba can use GSSAPI include the client and...

CVSS 6.5 · EPSS 0.00727
Exploits: 0

BDU FSTEC
added 2022/08/04 12:0 a.m. · 2 views

The vulnerability of the Fileserver application of the Apache ActiveMQ software platform, which allows a hacker to download and execute any file they desire.

The vulnerability of the Fileserver application of the Apache ActiveMQ software platform exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to upload and execute any file using the HTTP PUT method, followed by an HTTP MOVE request...

CVSS 10 · AI score 7.9 · EPSS 0.94281
Exploits: 19 · References: 6 · Affected Software: 3