2819 matches found
SonicWall SMA100 Path Traversal Vulnerability
The SonicWall SMA100 is a secure access gateway appliance from SonicWall USA. A path traversal vulnerability exists in the SonicWall SMA100, which can be exploited by an attacker to delete arbitrary files, resulting in a reboot of factory settings...
The vulnerability of SonicWall SMA 100 series network firewall microprogramming software lies in the lack of access control over critical files and directories. This allows a hacker to delete any file and reset the system to its factory settings.
The vulnerability of SonicWall SMA 100 network firewall microprogramming software is related to the lack of access control over critical files and directories. Exploiting this vulnerability could allow a remote attacker to delete any file and reset the system to its factory settings...
CVE-2025-32819
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings...
Vulnerabilities fixed in SonicWall SMA100
SonicWall has fixed vulnerabilities in the SMA100 series. The vulnerabilities are in the way the SMA100 series handles authenticated SSLVPN users. CVE-2025-32819 allows these users to bypass path-traversal controls and delete arbitrary files, which can lead to a reset of the device to factory...
CVE-2025-32819
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings...
CVE-2025-32819
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings...
CVE-2025-32819
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings...
CVE-2025-32819
CVE-2025-32819 affects SonicWall SMA100 series appliances. A remote, authenticated SSLVPN user can bypass path-traversal checks to delete arbitrary files, potentially rebooting the device to factory defaults. The vulnerability is fixed in SMA100 firmware 10.2.1.15-81sv (patch released May 2025). ...
CVE-2025-32819
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings...
CVE-2025-32819
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings...
SonicWALL SMA100 安全漏洞
The SonicWall SMA100 is a secure access gateway appliance from SonicWall USA. A path traversal vulnerability exists in the SonicWall SMA100, which can be exploited by an attacker to delete arbitrary files, resulting in a reboot of factory settings...
VulnCheck KEV: CVE-2025-32819
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings...
CVE-2025-46567
LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the llamafybaichuan2.py script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load on user-supplied .bin files from an input directory. An...
CVE-2025-46567
LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the llamafybaichuan2.py script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load on user-supplied .bin files from an input directory. An...
CVE-2025-46567 LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py
LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the llamafybaichuan2.py script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load on user-supplied .bin files from an input directory. An...
CVE-2025-46567 LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py
LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the llamafybaichuan2.py script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load on user-supplied .bin files from an input directory. An...
CVE-2025-46567
Summary of CVE-2025-46567 (LLaMA-Factory) : The LLaMA-Factory project contains a critical vulnerability prior to version 1.0.0 in the llamafy_baichuan2.py script, which performs insecure deserialization using torch.load() on user-supplied .bin files. A crafted malicious .bin can trigger arbitrary...
CVE-2025-46567 LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py
LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the llamafybaichuan2.py script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load on user-supplied .bin files from an input directory. An...
LLaMA-Factory 安全漏洞
LLaMA-Factory is a fine-tuned large-scale language model by a Chinese hoshi-hiyouga individual developer. A security vulnerability exists in LLaMA-Factory versions prior to 1.0.0, which stems from an unsafe deserialization of user-supplied .bin files in the llamafybaichuan2.py script, which could...
Insecure Deserialization
LLaMA-Factory is vulnerable to Insecure Deserialization. The vulnerability is due to insecure deserialization causing because of the use of torch.load on untrusted .bin files, allowing arbitrary command execution during deserialization...