224 matches found

OSV
added 2024/07/02 3:0 p.m. · 1 views

UBUNTU-CVE-2024-32498

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...

CVSS 6.5 · AI score 6 · EPSS 0.00835
Exploits 0 · References 8
Cvelist
added 2024/07/01 2:7 p.m. · 46 views

CVE-2024-24749 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCach...

CVSS 7.5 · EPSS 0.00756
Exploits 0 · References 3
Positive Technologies
added 2024/06/06 12:0 a.m. · 2 views

PT-2025-30434

Name of the Vulnerable Software and Affected Versions: ONNX version 1.17.0. Description: A path traversal issue exists in the onnx.external_data_helper.save_external_data function. This allows attackers to overwrite arbitrary files by providing crafted external_data.location paths containing travers...

CVSS 8.8 · AI score 8.8 · EPSS 0.01168
Exploits 2 · References 26
SUSE CVE
added 2024/03/06 4:52 a.m. · 1 views

SUSE CVE-2021-47107

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix READDIR buffer overflow. If a client sends a READDIR count argument that is too small (say, zero), then the buffer size calculation in the new init_dirlist helper functions results in an underflow, allowing the XDR stream...

CVSS 6.3 · AI score 5.6 · EPSS 0.00376
Exploits 1 · References 12
SUSE CVE
added 2024/02/27 3:54 a.m. · 2 views

SUSE CVE-2024-27318

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...

CVSS 7.5 · AI score 7 · EPSS 0.01189
Exploits 0 · References 3
Microsoft CVE
added 2024/02/26 8:0 a.m. · 3 views

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch added for CVE-2022-25882.

...

CVSS 7.5 · AI score 6 · EPSS 0.01608
Exploits 1
OSV
added 2024/02/23 6:30 p.m. · 29 views

GHSA-WHH8-FJGC-QP73 Onnx Directory Traversal vulnerability

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...

CVSS 7.5 · AI score 7.5 · EPSS 0.01189
Exploits 0 · References 7
PyPA
added 2024/02/23 6:15 p.m. · 4 views

PYSEC-2024-222

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...

CVSS 7.5 · AI score 7 · EPSS 0.01608
Exploits 1 · References 5 · Affected Software 1
NVD
added 2024/02/23 6:15 p.m. · 27 views

CVE-2024-27318

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...

CVSS 7.5 · AI score 7.6 · EPSS 0.01189
Exploits 0 · References 4
OSV
added 2024/02/23 6:15 p.m. · 8 views

AZL-34464 CVE-2024-27318 affecting package pytorch for versions less than 2.0.0-6

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...

CVSS 7.5 · AI score 6.6 · EPSS 0.01189
Exploits 0 · References 1
CNNVD
added 2024/02/23 12:0 a.m. · 4 views

Open Neural Network Exchange Path Traversal Vulnerability

Open Neural Network Exchange (ONNX) is an open ecosystem that enables AI developers to choose the right tools as their projects evolve. A security vulnerability exists in Open Neural Network Exchange versions 1.15.0 and earlier, which stems from a field in the external_data tensor prototype that may...

CVSS 7.5 · AI score 6.8 · EPSS 0.01189
Exploits 0 · References 6
Positive Technologies
added 2024/02/23 12:0 a.m. · 4 views

PT-2024-21817 · Onnx · Onnx

Name of the Vulnerable Software and Affected Versions: onnx versions prior to 1.15.0 Description: The issue allows Directory Traversal as the external data field of the tensor proto can have a path to a file outside the model's current directory or user-provided directory. This vulnerability occu...

CVSS 7.5 · AI score 4.5 · EPSS 0.01189
Exploits 0 · References 17
BDU FSTEC
added 2024/02/15 12:0 a.m. · 5 views

The vulnerability of the add-on for creating supplements to integrate external data sources with the Splunk Add-on Builder platform arises from improper processing of output data for registration logs. This allows a perpetrator to insert arbitrary information into the log files.

The vulnerability in the add-on for creating supplements to integrate external data sources with the Splunk Add-on Builder platform is related to incorrect processing of output data for registration logs. Exploiting this vulnerability allows a malicious actor to write arbitrary information into t...

CVSS 8.2 · AI score 5.7 · EPSS 0.00388
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/12/14 8:15 p.m. · 2 views

ALPINE-CVE-2023-37457

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as certified-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space...

CVSS 8.2 · AI score 7 · EPSS 0.01125
Exploits 0 · References 1
OSV
added 2023/12/14 8:15 p.m. · 3 views

UBUNTU-CVE-2023-37457

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as certified-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space...

CVSS 8.2 · AI score 6 · EPSS 0.01125
Exploits 0 · References 2
NVD
added 2023/11/02 2:15 p.m. · 33 views

CVE-2023-29046

Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of...

CVSS 4.3 · AI score 4.6 · EPSS 0.00478
Exploits 0 · References 2
Cvelist
added 2023/11/02 1:1 p.m. · 20 views

CVE-2023-29046

Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of...

CVSS 4.3 · AI score 5 · EPSS 0.00478
Exploits 0 · References 2
CNNVD
added 2023/11/02 12:0 a.m. · 7 views

Open-Xchange App Suite Resource Management Error Vulnerability

Open-Xchange App Suite is an e-mail and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite that originates from a connection to an external data source that does not terminate upon timeout...

CVSS 4.3 · AI score 6.7 · EPSS 0.00478
Exploits 0 · References 4
BDU FSTEC
added 2023/10/26 12:0 a.m. · 4 views

The vulnerability of the Ruby on Rails software platform lies in the redirection of URLs to an unreliable website, allowing attackers to redirect users to arbitrary URL addresses.

The vulnerability of the Ruby on Rails software platform is related to the redirection of URLs to unreliable websites. Exploiting this vulnerability allows a malicious actor to redirect users to arbitrary URL addresses when using unvalidated external data in the redirect_to handler...

CVSS 6.4 · AI score 6.5 · EPSS 0.00595
Exploits 0 · References 7 · Affected Software 2
RedHat Linux
added 2023/05/09 10:4 a.m. · 1 views

kernel: NFSD: Finish converting the NFSv2 GETACL result encoder

A flaw was identified in the Linux kernel’s NFSD NFSv2 GETACL result encoder. During conversion to xdr_stream, leftover code erroneously set the page_len field of the send buffer. The XDR stream encoders are expected to manage buffer length automatically, and the incorrect manual setting can result...

AI score 6 · EPSS 0.002
Exploits 0 · References 5