11 matches found
PT-2026-42422
Name of the Vulnerable Software and Affected Versions Netatalk versions 3.1.0 through 4.4.2 Description Multiple heap out-of-bounds reads occur in the Spotlight RPC unmarshalling code. A remote authenticated attacker can exploit this to obtain sensitive information or cause a minor service...
PT-2026-42412
Name of the Vulnerable Software and Affected Versions Netatalk versions 3.1.4 through 4.4.2 Description A logic error involving bitwise OR operations allows a remote authenticated attacker to perform shell injection, enabling the execution of arbitrary OS commands. Recommendations Update to versi...
PT-2026-42411
Name of the Vulnerable Software and Affected Versions Netatalk versions 2.0.0 through 4.4.2 Description Netatalk generates AFP session tokens derived from predictable process IDs. This allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect mechanism...
PT-2026-42408
Name of the Vulnerable Software and Affected Versions Netatalk versions 3.0.2 through 4.4.2 Description An improper link resolution issue allows a remote authenticated attacker to read or overwrite arbitrary files through the creation of attacker-controlled symlinks symbolic links, which are file...
PT-2026-42416
Name of the Vulnerable Software and Affected Versions Netatalk versions 1.5.0 through 4.4.2 Description An integer underflow in the dsi writeinit function allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request. Recommendations Update to version 4.4.3...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the validateWebhookURL function. An administrator can access internal network resources and cloud metadata endpoints by submitting webhook URLs that use hostnames resolving to private IP addresses,...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the validateWebhookURL function. An administrator can access internal network resources and cloud metadata endpoints by submitting webhook URLs that use hostnames resolving to private IP addresses,...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization due to missing authorization checks in the GetSystemLogs, SSESubscribeSystemLogs, and WSSubscribeSystemLogs endpoints. A non-admin user can access sensitive server log information, including error stack traces,...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization missing RequireScopes enforcement on privileged routes. An attacker can gain unauthorized access to privileged endpoints and export sensitive backup data by using a deliberately limited admin access token on rout...
PT-2023-29924 · Unknown · Codeigniter4
Name of the Vulnerable Software and Affected Versions: CodeIgniter4 versions prior to 4.4.3 Description: CodeIgniter is a PHP full-stack web framework. If an error or exception occurs, a detailed error report is displayed even if in the production environment, potentially leaking confidential...
PT-2021-19200 · Zetetic +1 · Sqlcipher +1
Name of the Vulnerable Software and Affected Versions: Zetetic SQLCipher versions 4.x before 4.4.3 Description: The issue is related to a NULL pointer dereferencing problem in the sqlcipher export function in crypto.c and the sqlite3StrICmp function in sqlite3.c. This may allow an attacker to...