CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

17 matches found

Tenable Nessus•added 2024/07/05 12:0 a.m.•19 views

SUSE SLED12 / SLES12 Security Update : netatalk (SUSE-SU-2024:2301-1)

The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2301-1 advisory. - CVE-2024-38439: Fixed a heap buffer overflow because of setting ibufPASSWDLEN to \0 in FPLoginExt in login i...

9.8CVSS8.6AI score0.00718EPSS

Exploits3References10

SUSE CVE•added 2024/06/18 2:43 a.m.•1 views

SUSE CVE-2024-38440

Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BNbin2bn in etc/uams/uamsdhxpam.c. The original issue 1097 report stated: 'The latest version of Netatalk v3.2.0 contains a security...

7.3CVSS7.4AI score0.00703EPSS

Exploits1References4

OSV•added 2024/06/16 1:15 p.m.•16 views

CVE-2024-38439

Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibufPASSWDLEN to '\0' in FPLoginExt in login in etc/uams/uamspam.c. 2.4.1 and 3.1.19 are also fixed versions...

9.8CVSS7.1AI score0.00529EPSS

Exploits1References5

NVD•added 2024/06/16 1:15 p.m.•20 views

CVE-2024-38440

7.5CVSS0.00703EPSS

Exploits1References5

NVD•added 2024/06/16 1:15 p.m.•17 views

CVE-2024-38439

9.8CVSS0.00529EPSS

Exploits1References5

OSV•added 2024/06/16 1:15 p.m.•10 views

CVE-2024-38440

7.5CVSS7.3AI score0.00703EPSS

Exploits1References5

OSV•added 2024/06/16 1:15 p.m.•1 views

DEBIAN-CVE-2024-38440

7.5CVSS8.6AI score0.00703EPSS

Exploits1References1

UbuntuCve•added 2024/06/16 1:15 p.m.•9 views

CVE-2024-38440

7.5CVSS7.2AI score0.00703EPSS

Exploits1References3

UbuntuCve•added 2024/06/16 1:15 p.m.•16 views

CVE-2024-38439

9.8CVSS7.2AI score0.00529EPSS

Exploits1References3

Cvelist•added 2024/06/16 12:0 a.m.•27 views

CVE-2024-38440

0.00703EPSS

Exploits1References4

CVE•added 2024/06/16 12:0 a.m.•160 views

CVE-2024-38439

Netatalk before 3.2.1 has multiple heap-based buffer overflow off-by-one defects. CVE-2024-38439 (ibuf[PASSWDLEN] = '\0' in FPLoginExt), CVE-2024-38440 (BN_bin2bn in FPLoginExt), and CVE-2024-38441 (ibuf[len] = '\0' in FPMapName) originate in etc/uams/uams_pam.c and etc/afp/directory.c. The issue...

9.8CVSS7AI score0.00529EPSS

Exploits1References5Affected Software1

Vulnrichment•added 2024/06/16 12:0 a.m.•18 views

CVE-2024-38440

7.4AI score0.00703EPSS

Exploits1References4

Debian CVE•added 2024/06/16 12:0 a.m.•14 views

CVE-2024-38440

7.5CVSS8.6AI score0.00703EPSS

Exploits1

AlpineLinux•added 2024/06/16 12:0 a.m.•19 views

CVE-2024-38439

9.8CVSS7.4AI score0.00529EPSS

Exploits1

Cvelist•added 2024/06/16 12:0 a.m.•15 views

CVE-2024-38439

0.00529EPSS

Exploits1References4

CVE•added 2024/06/16 12:0 a.m.•79 views

CVE-2024-38440

Netatalk (AFP server) prior to 3.2.1 is affected by off-by-one errors that trigger heap-based buffer overflow/segmentation faults. The issue stems from FPLoginExt usage of BN_bin2bn in /etc/uams/uams_dhx_pam.c (and related FPMapName in afp_mapname/directory.c), enabling out-of-bounds writes and p...

7.5CVSS7.2AI score0.00703EPSS

Exploits1References5Affected Software1