all InfoSec news
VU#709991: Netatalk contains multiple error and memory management vulnerabilities
Nov. 16, 2022, 1:28 p.m. |
CERT Recently Published Vulnerability Notes kb.cert.org
Overview
There are six new vulnerabilities in the latest release of Netatalk (3.1.12) that could allow for Remote Code Execution as well as Out-of-bounds Read.
Description
Below are the new CVEs. Per ZDI:
CVE-2022-0194
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior …
More from kb.cert.org / CERT Recently Published Vulnerability Notes
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks
1 month, 4 weeks ago |
kb.cert.org
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Security Compliance Strategist
@ Grab | Petaling Jaya, Malaysia
Cloud Security Architect, Lead
@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)