CVE-2024-10396

HIGH Year: 2024
Weakness Type
CWE-1286
View all →

Vulnerability Description

An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to crash and possibly expose uninitialized memory into other ACLs stored on the server.

Related Vulnerabilities

CVE-2021-31988

HIGH
CVSS:8.8(High)

A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SM...

CWE-12862021

CVE-2024-26507

HIGH
CVSS:7.8(High)

An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 and before allows a local attacker to escalate privileges via the DeviceIoControl call associate...

CWE-12862024

CVE-2021-31987

HIGH
CVSS:7.5(High)

A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients.

CWE-12862021

CVE-2021-44695

HIGH
CVSS:7.5(High)

Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.

CWE-12862021

CVE-2022-1941

HIGH
CVSS:7.5(High)

A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and inc...

CWE-12862022

CVE-2022-22192

HIGH
CVSS:7.5(High)

An Improper Validation of Syntactic Correctness of Input vulnerability in the kernel of Juniper Networks Junos OS Evolved on PTX series allows a network-based, unauthenticated attacker to cause a Deni...

CWE-12862022