6 matches found
CVE-2024-34477
configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share because of no_root_squash and insecure. In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In...
CVE-2025-58443
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a full SQL DB without credentials. A fix is...
CVE-2024-40645
FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120...
CVE-2024-34477
configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share because of no_root_squash and insecure. In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In...
PT-2024-25928 · Fog · Fog
Name of the Vulnerable Software and Affected Versions: FOG versions 1.5.10 and earlier Description: The issue allows local users to gain privileges by mounting a crafted NFS share due to the no_root_squash and insecure settings. To exploit this, an attacker must mount an NFS share and add...
PT-2023-29920 · Apache · Apache
Name of the Vulnerable Software and Affected Versions: FOG versions prior to 1.5.10 Description: The issue affects FOG, a free open-source cloning/imaging/rescue suite/inventory management system. An endpoint intended for authenticated users to have limited enumeration abilities was accessible to...