101 matches found
CVE-2025-1247
A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information...
CVE-2025-1247
CVE-2025-1247 affects Quarkus REST: a flaw where request parameters leak between concurrent requests when endpoints use field injection without a CDI scope. Root cause is shared per-request data in fields; attackers could manipulate data, impersonate users, or access sensitive information. Mitiga...
CVE-2024-52398
Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI collect-and-deliver-interface-for-woocommerce.This issue affects CDI: from n/a through = 5.5.3...
PT-2025-5678 · Unknown +1 · Nbdkit-Server +9
Name of the Vulnerable Software and Affected Versions: cdi-apiserver-container affected versions not specified cdi-cloner-container affected versions not specified cdi-controller-container affected versions not specified cdi-importer-container affected versions not specified cdi-operator-containe...
CVE-2024-52398
Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI collect-and-deliver-interface-for-woocommerce.This issue affects CDI: from n/a through = 5.5.3...
CVE-2024-52398 WordPress CDI plugin <= 5.5.3 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI.This issue affects CDI: from n/a through 5.5.3...
CVE-2024-52398
CVE-2024-52398 affects the WordPress plugin CDI (Collect and Deliver Interface for WooCommerce) with versions up to and including 5.5.3. The vulnerability is Unrestricted Upload of File with Dangerous Type, enabling arbitrary file uploads. Public references in Red Hat advisories and Patchstack co...
PT-2024-35236 · Unknown · Halyra Cdi
Name of the Vulnerable Software and Affected Versions: Halyra CDI versions n/a through 5.5.3 Description: The issue is related to an Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI. This allows for the upload of files with dangerous types. Recommendations: For versions...
WordPress CDI plugin <= 5.5.3 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin CDI versions = 5.5.3...
WordPress CDI Plugin <= 5.5.3 is vulnerable to Arbitrary File Upload
Software CDI Type Plugin Vulnerable versions = 5.5.3 Fixed in 5.5.6 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52398 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID a3849d91bb27 Credits Joshua Chan Required privilege Shop manager...
NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system
NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to...
GHSA-MJJW-553X-87PQ NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use TOCTOU vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of...
NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use TOCTOU vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of...
NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use TOCTOU vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of...
CBL Mariner 2.0 Security Update: nvidia-container-toolkit (CVE-2024-0132)
The version of nvidia-container-toolkit installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0132 advisory. - NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use TOCTOU...
CVE-2024-9622 Resteasy-netty4-cdi: resteasy-netty4: resteasy-reactor-netty: http request smuggling leading to client timeouts in resteasy-netty4
A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BADMESSAGE state. As a result, an...
SUSE CVE-2024-0133
NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to...
CVE-2024-0133
A flaw was found in the in the default mode of operation in the NVIDIA Container Toolkit. This flaw allows a specially crafted container image to create empty files on the host file system. This issue does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead...
AZL-50184 CVE-2024-0133 affecting package nvidia-container-toolkit for versions less than 1.16.2-1
NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to...
CVE-2024-0133
NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to...