VYPR
Vendor: Fogproject

Products: 3
CVEs: 16
Across products: 25
Status: Private

Recent CVEs: 16
  • CVE-2026-24138 | High | Jan 23, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both…

  • CVE-2026-33739 | Medium | Mar 27, 2026
    risk 0.30 | cvss 5.7 | epss 0.00

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.1812, the listing tables on multiple management pages (Host, Storage, Group, Image, Printer, Snapin) are vulnerable to Stored Cross-Site Scripting (XSS), due to insufficient…

  • CVE-2025-58443 | Sep 6, 2025
    risk 0.01 | cvss | epss 0.18

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a full SQL DB without…

  • CVE-2024-42349 | Aug 2, 2024
    risk 0.00 | cvss | epss 0.01

    FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.4 and earlier can leak authorized and rejected logins via logs stored directly on the root of the web server. FOG Server creates 2 logs on the root of the web server (fog_login_accepted.log…

  • CVE-2024-42348 | Aug 2, 2024
    risk 0.00 | cvss | epss 0.01

    FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.2 can leak AD username and password when registering a computer. This vulnerability is fixed in 1.5.10.41.3 and 1.6.0-beta.1395.

  • CVE-2024-41954 | Jul 31, 2024
    risk 0.00 | cvss | epss 0.00

    FOG is a cloning/imaging/rescue suite/inventory management system. The application stores plaintext service account credentials in the "/opt/fog/.fogsettings" file. This file is by default readable by all users on the host. By exploiting these credentials, a malicious user could…

  • CVE-2024-41108 | Jul 31, 2024
    risk 0.00 | cvss | epss 0.01

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's mac address is required to obtain the configuration information. This data can only be retrieved if a task is pending…

  • CVE-2024-40645 | Jul 31, 2024
    risk 0.00 | cvss | epss 0.01

    FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650…

  • CVE-2024-39916 | Jul 12, 2024
    risk 0.00 | cvss | epss 0.00

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports…

  • CVE-2024-39914 | Jul 12, 2024
    risk 0.00 | cvss | epss 0.23

    FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34.

  • CVE-2024-34477 | May 27, 2024
    risk 0.00 | cvss | epss 0.00

    configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable…

  • CVE-2023-46237 | Oct 31, 2023
    risk 0.00 | cvss | epss 0.00

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover…

  • CVE-2023-46236 | Oct 31, 2023
    risk 0.00 | cvss | epss 0.00

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This…

  • CVE-2023-46235 | Oct 31, 2023
    risk 0.00 | cvss | epss 0.00

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10.15, due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file. When an administrator of the FOG server logged in…

  • CVE-2021-32243 | Jun 16, 2021
    risk 0.00 | cvss | epss 0.01

    FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated).

  • CVE-2014-3111 | Oct 21, 2014
    risk 0.00 | cvss | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 through 0.32 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Printer Model field to the Printer Management page, (2) Image Name field to the Image Management page, (3) Storage…