Lucene search
K

197 matches found

Slackware Linux
Slackware Linux
added 2025/01/15 12:12 a.m.17 views

[slackware-security] rsync

New rsync packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/rsync-3.4.0-i586-1slack15.0.txz: Upgraded. This is a security release, fixing several important security vulnerabilities: Heap Buffer...

9.8CVSS7.4AI score0.72059EPSS
Exploits8
Vulnrichment
Vulnrichment
added 2025/01/14 5:37 p.m.15 views

CVE-2024-12086 Rsync: rsync server leaks arbitrary client files

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...

6.1CVSS6.5AI score0.01761EPSS
Exploits1References7
FreeBSD
FreeBSD
added 2025/01/14 12:0 a.m.22 views

rsync -- Multiple security fixes

rsync reports: This update includes multiple security fixes: CVE-2024-12084: Heap Buffer Overflow in Checksum Parsing CVE-2024-12085: Info Leak via uninitialized Stack contents defeats ASLR CVE-2024-12086: Server leaks arbitrary client files CVE-2024-12087: Server can make client write files...

9.8CVSS7.2AI score0.72059EPSS
Exploits8
CERT
CERT
added 2025/01/14 12:0 a.m.13 views

Rsync contains six vulnerabilities

Overview Rsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. Rsync can be used to sync files between remote and local computers, as well as storage devices. The discovered vulnerabilities include heap-buffer overflow, information leak,...

9.8CVSS8AI score0.72059EPSS
Exploits8
Vulnrichment
Vulnrichment
added 2024/12/19 7:11 p.m.19 views

CVE-2024-53991 Potential Backup file leaked via Nginx in Discourse

Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore::LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...

7.5CVSS6.2AI score0.25431EPSS
Exploits0References1
Hacker One
Hacker One
added 2024/12/11 7:57 a.m.455 views

Internet Bug Bounty: netrc and redirect credential leak

The netrc file in curl could lead to the unintentional leakage of a password to a different host when following HTTP redirects, if the netrc file had an entry matching the redirect target hostname but omitting either just the password or both login and password...

3.4CVSS3.9AI score0.01378EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2024/10/12 2:48 a.m.3 views

SUSE CVE-2024-47868

Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...

7.5CVSS6.6AI score0.00804EPSS
Exploits1References3
PyPA
PyPA
added 2024/10/10 11:15 p.m.7 views

PYSEC-2024-217

Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...

7.5CVSS6.8AI score0.00804EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/10/10 11:15 p.m.13 views

PYSEC-2024-217

Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...

7.5CVSS7.5AI score0.00804EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/10/10 10:18 p.m.17 views

CVE-2024-47868 Several components’ post-process steps may allow arbitrary file leaks in Gradio

Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...

6.3CVSS6.7AI score0.00804EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2024/09/08 3:2 a.m.4 views

SUSE CVE-2023-52909

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix handling of cached open files in nfsd4open codepath Commit fb70bf124b05 "NFSD: Instantiate a struct file when creating a regular NFSv4 file" added the ability to cache an open fd over a compound. There are a couple of...

5.5CVSS6.4AI score0.00235EPSS
Exploits0References6
OSV
OSV
added 2024/08/23 8:15 p.m.4 views

CVE-2024-45190

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request...

6.5CVSS5.9AI score0.00859EPSS
Exploits1References1
NVD
NVD
added 2024/08/23 8:15 p.m.34 views

CVE-2024-45189

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request...

6.5CVSS0.00881EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/08/23 7:16 p.m.19 views

CVE-2024-45190 Mage AI pipeline interaction request remote arbitrary file leak

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request...

6.5CVSS0.00859EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/08/23 7:15 p.m.41 views

CVE-2024-45189 Mage AI git content request remote arbitrary file leak

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request...

6.5CVSS0.00881EPSS
Exploits1References1
CVE
CVE
added 2024/08/23 7:15 p.m.65 views

CVE-2024-45189

Mage AI is affected by a path traversal vulnerability in the Git Content request that allows remote users with the Viewer role to leak arbitrary files from the Mage server. The issue is documented across multiple sources (CVE-2024-45189, related advisories) and is characterized by improper input ...

6.5CVSS6.5AI score0.00881EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/08/23 7:14 p.m.23 views

CVE-2024-45188 Mage AI file content request remote arbitrary file leak

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request...

6.5CVSS0.00881EPSS
Exploits1References1
OSV
OSV
added 2024/07/31 3:31 p.m.45 views

GHSA-R49H-6QXQ-624F Weave server API vulnerable to arbitrary file leak

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...

8.8CVSS8.7AI score0.04974EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/07/31 3:0 p.m.19 views

CVE-2024-7340 W&B Weave server remote arbitrary file leak and privilege escalation

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...

8.8CVSS7AI score0.04974EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/31 3:0 p.m.294 views

CVE-2024-7340 W&B Weave server remote arbitrary file leak and privilege escalation

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...

8.8CVSS0.04974EPSS
Exploits0References2
Rows per page
Query Builder