21303 matches found
CVE-2024-7034 Remote Code Execution due to Arbitrary File Write in open-webui/open-webui
In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...
CVE-2024-7034 Remote Code Execution due to Arbitrary File Write in open-webui/open-webui
In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...
CVE-2024-7034
Open WebUI 0.3.8 is affected by a directory traversal vulnerability in the /models/upload endpoint due to unsafe handling of file.filename, allowing arbitrary file writes outside the UPLOAD_DIR and potentially overwriting system files. This can lead to unauthorized modifications and may enable re...
EulerOS 2.0 SP12 : git (EulerOS-SA-2025-1296)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full...
EulerOS 2.0 SP12 : git (EulerOS-SA-2025-1295)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full...
OpenShift Console Has a Path Traversal Vulnerability
A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...
GHSA-69X5-HJG4-M267 OpenShift Console Has a Path Traversal Vulnerability
A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the /locales/resources.json endpoint. An attacker can access any files with the .json extension on the console's pod. Details A Directory Traversal attack also known as path traversal aims to access files and...
CVE-2024-7631
A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...
CVE-2024-7631 Openshift-console: openshift console: path traversal
A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...
CVE-2024-7631 Openshift-console: openshift console: path traversal
A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...
CVE-2024-7631
OpenShift Console CVE-2024-7631 describes a path traversal flaw in the locales/resources.json endpoint where lng/ns are used to build a file path in pkg/plugins/handlers unsafely.go, allowing an authenticated user to read arbitrary JSON files on the console pod by using ../ sequences. Connected d...
CVE-2024-7631
A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...
Security update for python311
This update for python311 fixes the following issues: Skip PGO with %wantreproduciblebuilds bsc1239210 CVE-2025-0938: Disallows square brackets and in domain names for parsed URLs bsc1236705. Configure externallymanaged with a bcond bsc1228165. Update to 3.11.11: Tools/Demos gh-123418: Update...
SUSE-SU-2025:20154-1 Security update for python311
This update for python311 fixes the following issues: - Skip PGO with %wantreproduciblebuilds bsc1239210 - CVE-2025-0938: Disallows square brackets and in domain names for parsed URLs bsc1236705. - Configure externallymanaged with a bcond bsc1228165. - Update to 3.11.11: - Tools/Demos - gh-123418...
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2025-1296)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2025-1295)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-57170
SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. The "fichiertodelete" parameter allows authenticated attackers to specify file paths containing directory traversal sequences e.g., ../. This vulnerability enables attackers to delete arbitrary files outside t...
CVE-2024-57170
SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. The "fichiertodelete" parameter allows authenticated attackers to specify file paths containing directory traversal sequences e.g., ../. This vulnerability enables attackers to delete arbitrary files outside t...
Security Bulletin: Vulnerabilities with DataStage on Cloud Pak for Data related to Apache hbase-client 2.4.15
Summary IBM has released the below fix for IBM DataStage on Cloud Pak for Data in response to multiple vulnerabilities found in components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2015-5237 DESCRIPTION: Google Protocol Buffers cou...