224 matches found
UBUNTU-CVE-2024-32498
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...
CVE-2024-24749 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCach...
PT-2025-30434
Name of the Vulnerable Software and Affected Versions ONNX version 1.17.0 Description A path traversal issue exists in the onnx.external data helper.save external data function. This allows attackers to overwrite arbitrary files by providing crafted external data.location paths containing travers...
SUSE CVE-2021-47107
In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix READDIR buffer overflow If a client sends a READDIR count argument that is too small say, zero, then the buffer size calculation in the new initdirlist helper functions results in an underflow, allowing the XDR stream...
SUSE CVE-2024-27318
Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...
Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch added for CVE-2022-25882.
...
GHSA-WHH8-FJGC-QP73 Onnx Directory Traversal vulnerability
Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...
PYSEC-2024-222
Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...
CVE-2024-27318
Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...
AZL-34464 CVE-2024-27318 affecting package pytorch for versions less than 2.0.0-6
Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...
Open Neural Network Exchange Path Traversal Vulnerability
Open Neural Network Exchange ONNX is an open ecosystem that enables AI developers to choose the right tools as their projects evolve. A security vulnerability exists in Open Neural Network Exchange versions 1.15.0 and earlier, which stems from a field in the externaldata tensor prototype that may...
PT-2024-21817 · Onnx · Onnx
Name of the Vulnerable Software and Affected Versions: onnx versions prior to 1.15.0 Description: The issue allows Directory Traversal as the external data field of the tensor proto can have a path to a file outside the model's current directory or user-provided directory. This vulnerability occu...
The vulnerability of the add-on for creating supplements to integrate external data sources with the Splunk Add-on Builder platform arises from improper processing of output data for registration logs. This allows a perpetrator to insert arbitrary information into the log files.
The vulnerability in the add-on for creating supplements to integrate external data sources with the Splunk Add-on Builder platform is related to incorrect processing of output data for registration logs. Exploiting this vulnerability allows a malicious actor to write arbitrary information into t...
ALPINE-CVE-2023-37457
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIPHEADER dialplan function can exceed the available buffer space...
UBUNTU-CVE-2023-37457
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIPHEADER dialplan function can exceed the available buffer space...
CVE-2023-29046
Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of...
CVE-2023-29046
Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of...
Open-Xchange App Suite Resource Management Error Vulnerability
Open-Xchange App Suite is an e-mail and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite that originates from a connection to an external data source that does not terminate upon timeout...
The vulnerability of the Ruby on Rails software platform lies in the redirection of URLs to an unreliable website, allowing attackers to redirect users to arbitrary URL addresses.
The vulnerability of the Ruby on Rails software platform is related to the redirection of URLs to unreliable websites. Exploiting this vulnerability allows a malicious actor to redirect users to arbitrary URL addresses when using unvalidated external data in the redirectto handler...
kernel: NFSD: Finish converting the NFSv2 GETACL result encoder
A flaw was identified in the Linux kernel’s NFSD NFSv2 GETACL result encoder. During conversion to xdrstream, leftover code erroneously set the pagelen field of the send buffer. The XDR stream encoders are expected to manage buffer length automatically, and the incorrect manual setting can result...