Information disclosure in Netatalk 3.0.0 through 4.4.2 stems from a dead bounds check (CWE-561) in the Spotlight RPC unmarshaller - code intended to enforce input boundaries is logically unreachable, leaving RPC input processing without effective size validation. Remote attackers who hold at least low-level credentials can submit crafted Spotlight RPC requests to extract limited confidential information from the service. No public exploit has been identified at time of analysis, and the CVSS 3.1 score correctly reflects the constrained real-world impact: high attack complexity, authentication required, and confidentiality-only impact with no integrity or availability consequence.
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (VA and SaaS deployments) contain dangerous PHP dead code present in. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, with no authentication required and low attack complexity. Public exploit code is available and no vendor patch is available.