231 matches found
EUVD-2024-2131
Malicious code in bioql PyPI...
EUVD-2023-0231
Malicious code in bioql PyPI...
CVE-2025-7647
The llama-index-core package, up to version 0.12.44, contains a vulnerability in the getcachedir function where a predictable, hardcoded directory path /tmp/llamaindex is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal...
GHSA-CR7Q-2W66-HJCM llama-index-core insecurely handles temporary files
The llama-index-core package, up to version 0.12.44, contains a vulnerability in the getcachedir function where a predictable, hardcoded directory path /tmp/llamaindex is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal...
CVE-2025-38615 fs/ntfs3: cancle set bad inode after removing name fails
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: cancle set bad inode after removing name fails The reproducer uses a file0 on a ntfs3 file system with a corrupted ilink. When renaming, the file0's inode is marked as a bad inode because the file name cannot be deleted...
World-Writable NLTK Cache Directory Enables Local Users to Tamper with or Delete NLP Data
Description: The llamaindex library sets the NLTK data directory to a subdirectory of the codebase by default, e.g., static/nltkcache inside the package directory. In multi-user environments or shared hosting, this directory is world-writable or accessible by multiple users. As a result, any user c...
Insecure Temporary File Handling Vulnerability in llama-index-core
Description: The getcachedir function in llama-index-core uses a predictable, hardcoded directory path /tmp/llamaindex on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal proprietary models, poison cached embeddings, or conduct...
Directory Traversal
Salt is vulnerable to a Directory traversal. The vulnerability is due to improper validation of file paths during cache creation, allowing attackers to write or overwrite files outside the intended cache directory...
SUSE CVE-2025-22238
Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack, which could be leveraged to write or overwrite 'cache' files outside of the cache directory...
Salt vulnerable to directory traversal attack in file receiving method
Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory...
GHSA-8PCP-R83J-FC92 Salt vulnerable to directory traversal attack in file receiving method
Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory...
GHSA-R546-H3FF-Q585 Salt vulnerable to directory traversal attack in minion file cache creation
Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack, which could be leveraged to write or overwrite 'cache' files outside of the cache directory...
CVE-2024-38824
Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory...
UBUNTU-CVE-2024-38824
Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory...
Directory Traversal
Overview: salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable t...
CVE-2025-22238
Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack, which could be leveraged to write or overwrite 'cache' files outside of the cache directory...
CVE-2024-38824
CVE-2024-38824 is a directory traversal vulnerability in the recv_file method that allows writing arbitrary files into the Salt master cache directory. Public references in multiple advisories (SUSE openSUSE/SUSE-SU-2025-02501/-02492/-02476, SUSE-2025-02492, -02500, -02502) confirm the flaw affec...