1649 matches found

Github Security Blog
added 2024/06/06 9:30 p.m. · 23 views

onnx allows Arbitrary File Overwrite in download_model_with_test_data

A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, versions before 1.16.2, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...

CVSS 8.8 · AI score 8.8 · EPSS 0.01168
Exploits: 1 · References: 14 · Affected Software: 1
OSV
added 2024/06/06 9:30 p.m. · 1 views

GHSA-6RQ9-53C3-F7VJ onnx allows Arbitrary File Overwrite in download_model_with_test_data

A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, versions before 1.16.2, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...

CVSS 8.8 · AI score 6.2 · EPSS 0.01168
Exploits: 2 · References: 14
OSV
added 2024/06/06 7:16 p.m. · 2 views

DEBIAN-CVE-2024-5187

A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...

CVSS 8.8 · AI score 8.5 · EPSS 0.01168
Exploits: 1 · References: 1
OSV
added 2024/06/06 7:16 p.m. · 1 views

UBUNTU-CVE-2024-5187

A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...

CVSS 8.8 · AI score 7.6 · EPSS 0.01168
Exploits: 1 · References: 4
Vulnrichment
added 2024/06/06 6:45 p.m. · 11 views

CVE-2024-5187 Arbitrary File Overwrite in download_model_with_test_data in onnx/onnx

A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...

CVSS 8.8 · AI score 7.7 · EPSS 0.01168
Exploits: 1 · References: 1
Cvelist
added 2024/06/06 6:40 p.m. · 23 views

CVE-2024-3322 Path Traversal in parisneo/lollms-webui

A path traversal vulnerability exists in the 'cybersecurity/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in the 'processfolder' function within...

CVSS 8.4 · EPSS 0.00726
Exploits: 1 · References: 2
OSV
added 2024/05/29 2:15 p.m. · 13 views

CVE-2024-25975

The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is...

CVSS 6.5 · AI score 6.8
Exploits: 0 · References: 3
Cvelist
added 2024/05/29 1:13 p.m. · 28 views

CVE-2024-25975 Arbitrary File Overwrite

The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is...

AI score 6.5 · EPSS 0.00592
Exploits: 1 · References: 3
Vulnrichment
added 2024/05/29 1:13 p.m. · 28 views

CVE-2024-25975 Arbitrary File Overwrite

The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is...

AI score 6.8 · EPSS 0.00592
Exploits: 1 · References: 3
CVE
added 2024/05/29 1:13 p.m. · 62 views

CVE-2024-25975

CVE-2024-25975 affects the HAWKI application (Interaction Design Team, University of Applied Sciences) and is tied to a path-traversal in the up/downvote feature. The POST parameters are not properly filtered, allowing an authenticated attacker to write arbitrary files on the server by supplying ...

CVSS 6.5 · AI score 6.4 · EPSS 0.00592
Exploits: 1 · References: 3
NVD
added 2024/05/15 5:15 p.m. · 10 views

CVE-2023-5938

Multiple functions use archives without properly validating the filenames therein, rendering the application vulnerable to path traversal via 'zip slip' attacks. An administrator able to provide tampered archives to be processed by the affected versions of Arc may be able to have arbitrary files...

CVSS 8.9 · AI score 8.1 · EPSS 0.00673
Exploits: 0 · References: 1
CVE
added 2024/05/15 4:08 p.m. · 29 views

CVE-2023-5938

CVE-2023-5938 affects Arc up to versions prior to 1.6.0. The vulnerability arises because multiple functions process archives without validating contained filenames, enabling path traversal via zip slip. An administrator able to supply tampered archives to Arc could cause arbitrary files to be ex...

CVSS 8.9 · AI score 7.1 · EPSS 0.00673
Exploits: 0 · References: 1
Positive Technologies
added 2024/05/15 12:00 a.m. · 4 views

PT-2024-14847 · Arc · Arc

Name of the Vulnerable Software and Affected Versions: Arc (affected versions not specified). Description: The issue arises from multiple functions using archives without properly validating the filenames, making the application susceptible to path traversal via 'zip slip' attacks. An administrator...

CVSS 8.9 · AI score 7.3 · EPSS 0.00673
Exploits: 0 · References: 4
OSV
added 2024/05/14 4:16 p.m. · 1 views

CVE-2024-27946

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename for the target file can be specified, thus arbitrary files can be overwritten by an attacker with...

CVSS 6.5 · AI score 5.8
Exploits: 0 · References: 1
Atlassian
added 2024/05/13 10:10 a.m. · 47 views

RCE (Remote Code Execution) org.eclipse.jgit:org.eclipse.jgit Dependency in Bamboo Data Center and Server

This High severity org.eclipse.jgit:org.eclipse.jgit Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server. The latest LTS Bamboo 9.6.0 is not impacted by this Vulnerability. This org.eclipse.jgit:org.eclipse.jgit...

CVSS 8.8 · AI score 7.3 · EPSS 0.01884
Exploits: 0
Vulnrichment
added 2024/05/03 7:50 a.m. · 18 views

CVE-2024-28072 Arbitrary File Overwrite Vulnerability

A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly...

CVSS 5.7 · AI score 7 · EPSS 0.00638
Exploits: 0 · References: 2
Tenable Nessus
added 2024/04/27 12:00 a.m. · 18 views

RHEL 6 / 7 : rh-ruby22-ruby (RHSA-2018:0583)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0583 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 9.8 · AI score 7.7 · EPSS 0.73927
Exploits: 14 · References: 28
Tenable Nessus
added 2024/04/27 12:00 a.m. · 34 views

RHEL 6 / 7 : rh-ruby23-ruby (RHSA-2018:0585)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0585 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 9.8 · AI score 7.7 · EPSS 0.73927
Exploits: 14 · References: 25
Tenable Nessus
added 2024/04/27 12:00 a.m. · 29 views

RHEL 6 / 7 : rh-ruby24-ruby (RHSA-2017:3485)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3485 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 9.8 · AI score 7.7 · EPSS 0.29442
Exploits: 8 · References: 20
CVE
added 2024/04/10 5:07 p.m. · 99 views

CVE-2024-2221

CVE-2024-2221 affects qdrant/qdrant. The vulnerability is a path traversal and arbitrary file upload via the /collections/{COLLECTION}/snapshots/upload endpoint, exploitable through the snapshot parameter, allowing an attacker to upload and overwrite any file on the filesystem and potentially ach...

CVSS 9.8 · AI score 9.7 · EPSS 0.01845
Exploits: 1 · References: 2 · Affected Software: 1