7208 matches found

Veracode
added 2023/12/12 5:40 a.m. · 13 views

Limited File Write

MindsDB is vulnerable to Limited File Write. The vulnerability arises because the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used to construct a temporary file name. This allows an attacker to write files anywhere on the server leading...

5.3 CVSS · 7.1 AI score · 0.00492 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2023/12/12 12:0 a.m. · 4 views

GL.iNet GL-AR300M Security Vulnerability

GL.iNet GL-AR300M is a modern mini smart router from China's GL.iNet. A security vulnerability exists in the GL.iNET GL-AR300M v4.3.7, which stems from the presence of a path traversal vulnerability that allows an attacker to write arbitrary files via the file upload function of the OpenVPN clien...

7.5 CVSS · 7.1 AI score · 0.46966 EPSS
Exploits: 4 · References: 3

NVD
added 2023/12/11 9:15 p.m. · 34 views

CVE-2023-49796

MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in file.py. Users should use MindsDB's staging branch or v23.11.4.1, which contain a fix for the issue...

5.3 CVSS · 0.00492 EPSS
Exploits: 0 · References: 2

PyPA
added 2023/12/11 9:15 p.m. · 4 views

PYSEC-2023-278

MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in file.py. Users should use MindsDB's staging branch or v23.11.4.1, which contain a fix for the issue...

5.3 CVSS · 6.8 AI score · 0.00492 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2023/12/11 9:15 p.m. · 1 views

PYSEC-2023-278

MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in file.py. Users should use MindsDB's staging branch or v23.11.4.1, which contain a fix for the issue...

5.3 CVSS · 6.1 AI score · 0.00492 EPSS
Exploits: 0 · References: 2

Prion
added 2023/12/11 9:15 p.m. · 15 views

Design/Logic Flaw

MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in file.py. Users should use MindsDB's staging branch or v23.11.4.1, which contain a fix for the issue...

5 CVSS · 7.1 AI score · 0.00492 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2023/12/11 8:38 p.m. · 41 views

CVE-2023-49796 MindsDB Arbitrary File Write vulnerability

MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in file.py. Users should use MindsDB's staging branch or v23.11.4.1, which contain a fix for the issue...

5.3 CVSS · 5.5 AI score · 0.00492 EPSS
Exploits: 0 · References: 2

CVE
added 2023/12/11 8:38 p.m. · 42 views

CVE-2023-49796

CVE-2023-49796 affects MindsDB prior to 23.11.4.1, where the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-supplied name, enabling arbitrary file writes via path injection. Public sources corroborate a limited file write vulnerability in file.py. Affected ve...

5.3 CVSS · 5.2 AI score · 0.00492 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2023/12/11 8:38 p.m. · 25 views

CVE-2023-49796 MindsDB Arbitrary File Write vulnerability

MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in file.py. Users should use MindsDB's staging branch or v23.11.4.1, which contain a fix for the issue...

5.3 CVSS · 5.3 AI score · 0.00492 EPSS
Exploits: 0 · References: 4

CNNVD
added 2023/12/11 12:0 a.m. · 3 views

MindsDB Input Validation Error Vulnerability

MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. An input validation error vulnerability exists in MindsDB versions prior to 23.11.4.1, which stems from the presence of a limited file write in file.py...

5.3 CVSS · 6.8 AI score · 0.00492 EPSS
Exploits: 0 · References: 3

CNNVD
added 2023/12/09 12:0 a.m. · 4 views

NCP Engineering Secure Enterprise Client Security Vulnerability

Ncp Engineering NCP engineering Secure Enterprise Client is a VPN (Virtual Private Network) client application from the German company Ncp Engineering. A security vulnerability exists in NCP engineering Secure Enterprise Client versions prior to 12.22, which stems from the presence of insecure file...

6.5 CVSS · 6.7 AI score · 0.00701 EPSS
Exploits: 1 · References: 2

Snyk
added 2023/12/07 10:0 p.m. · 3 views

Directory Traversal

Amendment: This was deemed not a vulnerability. Overview: cross-zip is a Cross-platform .zip file creation. Affected versions of this package are vulnerable to Directory Traversal via consecutive usage of zipSync and unzipSync functions that allow arguments such as dirname. An attacker can access...

8.7 CVSS · 7.5 AI score
Exploits: 0 · References: 2

Positive Technologies
added 2023/12/07 12:0 a.m. · 3 views

PT-2023-30033 · Gl.Inet · Gl-Ar300M

Name of the Vulnerable Software and Affected Versions: GL.iNET GL-AR300M version 4.3.7. Description: The issue allows an attacker to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality. This can potentially lead to unauthorized access and...

7.5 CVSS · 6.7 AI score · 0.46966 EPSS
Exploits: 4 · References: 9

OSV
added 2023/11/30 10:15 p.m. · 2 views

CVE-2023-46690

In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution...

8.8 CVSS · 6.1 AI score · 0.0153 EPSS
Exploits: 0 · References: 1

CVE
added 2023/11/30 10:7 p.m. · 40 views

CVE-2023-46690

CVE-2023-46690 affects Delta Electronics InfraSuite Device Master (version 1.0.7 and earlier). The vulnerability is a path traversal flaw in the device master that allows an attacker to write to arbitrary files anywhere on the filesystem, potentially enabling remote code execution. Related adviso...

8.8 CVSS · 9 AI score · 0.0153 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2023/11/30 12:0 a.m. · 3 views

Delta Electronics InfraSuite Device Master Security Vulnerability

Delta Electronics InfraSuite Device Master is a device used to simplify and automate the monitoring of critical equipment from Delta Electronics Taiwan, China. A security vulnerability exists in Delta Electronics InfraSuite Device Master v.1.0.7 and prior versions, which originated from a...

8.8 CVSS · 8 AI score · 0.0153 EPSS
Exploits: 0 · References: 1

Rockylinux
added 2023/11/28 10:43 p.m. · 48 views

dotnet6.0 security update

An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. .NET is a managed-software framework. It implements a subset of the .NET...

9.8 CVSS · 7 AI score · 0.12512 EPSS
Exploits: 0

Rockylinux
added 2023/11/28 10:43 p.m. · 40 views

dotnet7.0 security update

An update is available for dotnet7.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. .NET is a managed-software framework. It implements a subset of the .NET...

9.8 CVSS · 7 AI score · 0.12512 EPSS
Exploits: 0

OSV
added 2023/11/28 7:15 a.m. · 24 views

CVE-2023-3545

Improper sanitisation in main/inc/lib/fileUpload.lib.php in Chamilo LMS = v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of .htaccess file. This vulnerability may be exploited ...

9.8 CVSS · 10 AI score · 0.01963 EPSS
Exploits: 1 · References: 3

NVD
added 2023/11/28 7:15 a.m. · 22 views

CVE-2023-3533

Path traversal in file upload functionality in /main/webservices/additionalwebservices.php in Chamilo LMS = v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write...

9.8 CVSS · 0.02723 EPSS
Exploits: 2 · References: 3