12 matches found
EUVD-2024-22260
Malicious code in bioql PyPI...
CVE-2024-24897
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files...
CVE-2024-24897
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files...
CVE-2024-24897 Remote command execution in A-Tune-Collector
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files...
CVE-2024-24897
CVE-2024-24897 affects openEuler A-Tune-Collector (1.1.0-3 through 1.3.0). The root cause is improper neutralization of shell commands in sched.py when obtaining a process ID, enabling command injection and remote arbitrary command execution. Multiple connected sources (Red Hat, NVD/NVD-like entr...
CVE-2024-24897 Remote command execution in A-Tune-Collector
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files...
A-Tune 安全漏洞
A-Tune is a service for atuned AI tuning systems from the openEuler community. A security vulnerability exists in openEuler A-Tune-Collector from version 1.1.0-3 through 1.3.0 that stems from a command injection issue...
OESA-2024-1271 A-Tune-Collector security update
A-Tune-Collector is used to collect various system resources. Security Fixes: When the get method in the sched.py file in the A-Tune-Collector software package is used to obtain the process ID, shell command combination and injection risks exist. This flaw could lead to remote arbitrary command...
OESA-2024-1272 A-Tune-Collector security update
A-Tune-Collector is used to collect various system resources. Security Fixes: When the get method in the sched.py file in the A-Tune-Collector software package is used to obtain the process ID, shell command combination and injection risks exist. This flaw could lead to remote arbitrary command...
OESA-2024-1273 A-Tune-Collector security update
A-Tune-Collector is used to collect various system resources. Security Fixes: When the get method in the sched.py file in the A-Tune-Collector software package is used to obtain the process ID, shell command combination and injection risks exist. This flaw could lead to remote arbitrary command...
OESA-2024-1274 A-Tune-Collector security update
A-Tune-Collector is used to collect various system resources. Security Fixes: When the get method in the sched.py file in the A-Tune-Collector software package is used to obtain the process ID, shell command combination and injection risks exist. This flaw could lead to remote arbitrary command...
A-Tune 访问控制错误漏洞
A-Tune is a service for atuned AI tuning systems from the openEuler community. A security vulnerability exists in A-Tune before 0.3-0.8 that originates from logging in as a local user and running the curl command to access the local atune url interface to elevate local privileges or modify any...