CVE-2024-34477
- EPSS 0.14%
- Published 27.05.2024 14:15:09
- Last modified 26.09.2025 23:59:59
configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share i...
CVE-2023-46235
- EPSS 0.55%
- Published 31.10.2023 15:15:09
- Last modified 21.11.2024 08:28:08
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10.15, due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file. When an administrator...
CVE-2023-46236
- EPSS 0.29%
- Published 31.10.2023 15:15:09
- Last modified 21.11.2024 08:28:08
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary end...
CVE-2023-46237
- EPSS 0.42%
- Published 31.10.2023 15:15:09
- Last modified 21.11.2024 08:28:08
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unau...
CVE-2021-32243
- EPSS 0.83%
- Published 16.06.2021 21:15:08
- Last modified 21.11.2024 06:06:54
FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated).