Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-39916 | 1 Fogproject | 1 Fogproject | 2024-09-05 | N/A | 6.4 MEDIUM |
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports have the no_subtree_check option. The no_subtree_check option means that if a client performs a file operation, the server will only check if the requested file is on the correct filesystem, not if it is in the correct directory. This enables modifying files in /images, accessing other files on the same filesystem, and accessing files on other filesystems. This vulnerability is fixed in 1.5.10.30. | |||||
CVE-2024-41255 | | | 2024-08-01 | N/A | 7.5 HIGH |
filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go. | |||||
CVE-2024-21411 | | | 2024-06-11 | N/A | 8.8 HIGH |
Skype for Consumer Remote Code Execution Vulnerability |