CVE-2024-33620

Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote attacker...

PT-2024-25380 · Fujitsu · Fujitsu Software Time Creator

Name of the Vulnerable Software and Affected Versions: ID Link Manager affected versions not specified FUJITSU Software TIME CREATOR affected versions not specified Description: An absolute path traversal issue exists, allowing an unauthenticated remote attacker to retrieve file contents, includi...

GHSA-W877-JFW7-46RJ DeepJavaLibrary API absolute path traversal

Summary DeepJavaLibraryDJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model Inference containers 0.27.0. Impacted versions: 0.1...

CVE-2024-37902

DeepJavaLibraryDJL is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model...

CVE-2024-37902

Summary: CVE-2024-37902 affects the Java DeepJavaLibrary (DJL) up to version 0.27.0. The root cause is an absolute-path handling flaw in archived artifacts that can insert files directly into the system and overwrite system files. The issue is fixed in DJL v0.28.0 and also patched in the DJL Larg...

Deep Java Library Security Vulnerability

Deep Java Library is an open source, high-level, engine-independent deep learning Java framework from Deep Java Library Open Source. A security vulnerability exists in Deep Java Library version 0.1.0 up to and including version 0.27.0, which stems from a vulnerability that will not prevent an...

DeepJavaLibrary API absolute path traversal

DeepJavaLibraryDJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model Inference containers 0.27.0. Impacted versions: 0.1.0 throu...

Fedora: Security Advisory for rust-uu_realpath (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-5187 Arbitrary File Overwrite in download_model_with_test_data in onnx/onnx

A vulnerability in the downloadmodelwithtestdata function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...

CVE-2024-5187 Arbitrary File Overwrite in download_model_with_test_data in onnx/onnx

A vulnerability in the downloadmodelwithtestdata function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...

CVE-2024-0520 Remote Code Execution due to Full Controlled File Write in mlflow/mlflow

A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command 'Command Injection' within the mlflow.data.httpdatasetsource.py module. Specifically, when loading a dataset from a source URL with an HTTP...

Fedora: Security Advisory for rust-uu_realpath (FEDORA-2024-ce2936b568)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: rust-uu_realpath-0.0.23-3.fc40

realpath uutils display resolved absolute path of PATHNAME...

CVE-2024-31844

An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able craft specific requests in order to make the application generate an error. Inside a...

CVE-2023-46784

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Server-Side Request Forgery SSRF vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery.This issue affects ICS Calendar: from n/a through...

CVE-2023-46784 WordPress ICS Calendar plugin <= 10.12.0.3 - SSRF and Arbitrary File Read vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Server-Side Request Forgery SSRF vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery.This issue affects ICS Calendar: from n/a through...

CVE-2023-46784 WordPress ICS Calendar plugin <= 10.12.0.3 - SSRF and Arbitrary File Read vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Server-Side Request Forgery SSRF vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery.This issue affects ICS Calendar: from n/a through...

CVE-2023-25050

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Vova Anokhin Shortcodes Ultimate allows Absolute Path Traversal.This issue affects Shortcodes Ultimate: from n/a through 5.12.6...

PT-2024-5048 · Unknown · Deepjavalibrary

Name of the Vulnerable Software and Affected Versions: DeepJavaLibraryDJL versions 0.1.0 through 0.27.0 Description: The issue is related to the incorrect restriction of the directory path name with limited access. This can allow a remote attacker to overwrite system files. The estimated number o...

RHEL 7 : podman (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - podman: symlink exchange attack in podman export volume CVE-2023-0778 - A vulnerability was found in...