Lucene search
K

11 matches found

Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.10 views

PT-2026-42422

Name of the Vulnerable Software and Affected Versions Netatalk versions 3.1.0 through 4.4.2 Description Multiple heap out-of-bounds reads occur in the Spotlight RPC unmarshalling code. A remote authenticated attacker can exploit this to obtain sensitive information or cause a minor service...

7.1CVSS5.9AI score0.0029EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.12 views

PT-2026-42412

Name of the Vulnerable Software and Affected Versions Netatalk versions 3.1.4 through 4.4.2 Description A logic error involving bitwise OR operations allows a remote authenticated attacker to perform shell injection, enabling the execution of arbitrary OS commands. Recommendations Update to versi...

9.9CVSS6.1AI score0.00477EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42411

Name of the Vulnerable Software and Affected Versions Netatalk versions 2.0.0 through 4.4.2 Description Netatalk generates AFP session tokens derived from predictable process IDs. This allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect mechanism...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.13 views

PT-2026-42408

Name of the Vulnerable Software and Affected Versions Netatalk versions 3.0.2 through 4.4.2 Description An improper link resolution issue allows a remote authenticated attacker to read or overwrite arbitrary files through the creation of attacker-controlled symlinks symbolic links, which are file...

9.9CVSS6AI score0.00516EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.20 views

PT-2026-42416

Name of the Vulnerable Software and Affected Versions Netatalk versions 1.5.0 through 4.4.2 Description An integer underflow in the dsi writeinit function allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request. Recommendations Update to version 4.4.3...

9.9CVSS5.8AI score0.00418EPSS
Exploits0References20
Snyk
Snyk
added 2026/04/10 7:49 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the validateWebhookURL function. An administrator can access internal network resources and cloud metadata endpoints by submitting webhook URLs that use hostnames resolving to private IP addresses,...

7CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/10 7:49 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the validateWebhookURL function. An administrator can access internal network resources and cloud metadata endpoints by submitting webhook URLs that use hostnames resolving to private IP addresses,...

7CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/10 7:49 p.m.5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to missing authorization checks in the GetSystemLogs, SSESubscribeSystemLogs, and WSSubscribeSystemLogs endpoints. A non-admin user can access sensitive server log information, including error stack traces,...

5.3CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/10 7:39 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization missing RequireScopes enforcement on privileged routes. An attacker can gain unauthorized access to privileged endpoints and export sensitive backup data by using a deliberately limited admin access token on rout...

6.4CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/10/30 12:0 a.m.5 views

PT-2023-29924 · Unknown · Codeigniter4

Name of the Vulnerable Software and Affected Versions: CodeIgniter4 versions prior to 4.4.3 Description: CodeIgniter is a PHP full-stack web framework. If an error or exception occurs, a detailed error report is displayed even if in the production environment, potentially leaking confidential...

7.5CVSS7.4AI score0.00621EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2021/03/03 12:0 a.m.4 views

PT-2021-19200 · Zetetic +1 · Sqlcipher +1

Name of the Vulnerable Software and Affected Versions: Zetetic SQLCipher versions 4.x before 4.4.3 Description: The issue is related to a NULL pointer dereferencing problem in the sqlcipher export function in crypto.c and the sqlite3StrICmp function in sqlite3.c. This may allow an attacker to...

7.5CVSS7.9AI score0.01572EPSS
Exploits1References12
Rows per page
Query Builder