The vulnerability of the AI application scaling framework and Python Ray, related to an incorrect path name limitation for the restricted access catalog, allows attackers to read arbitrary files.

The vulnerability of the AI application scaling framework and Python Ray is related to an incorrect path name limitation for the restricted access directory. Exploiting this vulnerability allows a malicious actor to read arbitrary files using the “filename” parameter...

NUUO NVRmini 路径遍历漏洞

NUUO NVRmini is a standalone Linux-based IP camera surveillance solution from NUUO. A path traversal vulnerability exists in NUUO NVRmini versions 2.x through 3.0.8, which stems from the fact that incorrect manipulation of the parameter filename can lead to path traversal...

PT-2024-23164 · Nuuo · Nuuo Camera

Name of the Vulnerable Software and Affected Versions: NUUO Camera up to 20240319 Description: A vulnerability was found in the processing of the file /deletefile.php, where the manipulation of the argument filename leads to denial of service. The attack may be initiated remotely. The exploit has...

NUUO Camera 安全漏洞

NUUO Camera is a series of webcams. A security vulnerability exists in NUUO Camera 20240319 and earlier versions, which stems from a Denial of Service DOS vulnerability in the parameter filename of the file /deletefile.php...

libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution

An improper input validation vulnerability was found in LibreOffice. In versions where filenames are not sufficiently escaped, an attacker can execute arbitrary GStreamer plugins...

GHSA-F98W-7CXR-FF2H KaTeX's `\includegraphics` does not escape filename

Impact KaTeX users who render untrusted mathematical expressions could encounter malicious input using \includegraphics that runs arbitrary JavaScript, or generate invalid HTML. Patches Upgrade to KaTeX v0.16.10 to remove this vulnerability. Workarounds Avoid use of or turn off the trust option, ...

KaTeX's `\includegraphics` does not escape filename

Impact KaTeX users who render untrusted mathematical expressions could encounter malicious input using \includegraphics that runs arbitrary JavaScript, or generate invalid HTML. Patches Upgrade to KaTeX v0.16.10 to remove this vulnerability. Workarounds Avoid use of or turn off the trust option, ...

CVE-2024-2820

A vulnerability classified as problematic was found in DedeCMS 5.7. Affected by this vulnerability is an unknown functionality of the file /src/dede/baidunews.php. The manipulation of the argument filename leads to cross-site request forgery. The attack can be launched remotely. The exploit has...

VvvebJs 安全漏洞

VvvebJs is a drag-and-drop website generator for Givan Personal Developers. A security vulnerability exists in VvvebJs prior to version 1.7.7, which stems from an arbitrary file upload vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code and obtain sensitive...

Desdev DedeCMS 跨站请求伪造漏洞

Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. Desdev DedeCMS 5.7 version of the...

GHSA-WR3J-PWJ9-HQQ6 Path traversal in webpack-dev-middleware

Summary The webpack-dev-middleware middleware does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. Details The middleware can either work with the physical filesystem when reading the files or it can...

libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution

An improper input validation vulnerability was found in LibreOffice. In versions where filenames are not sufficiently escaped, an attacker can execute arbitrary GStreamer plugins...

Grav 安全漏洞

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms, and one-page product displays. A security vulnerability exists in Grav prior to version 1.7.43, which stems from insufficient permissions validation and filename validation...

EulerOS Virtualization 2.11.0 : binutils (EulerOS-SA-2024-1424)

According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a lon...

EulerOS Virtualization 2.11.0 : zlib (EulerOS-SA-2024-1437)

According to the versions of the zlib package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long...

PandaX Security Vulnerability

PandaX is a Go language open source low-code development framework for enterprise IoT platforms from PandaX Open Source. A security vulnerability exists in PandaX version 20240310 and earlier versions, which stems from an incorrect operation of the parameter fileName that can lead to path travers...

PT-2024-21049 · Unknown · Pandaxgo Pandax

Name of the Vulnerable Software and Affected Versions: PandaXGO PandaX up to 20240310 Description: A critical issue has been identified, affecting the DeleteImage function in the /apps/system/router/upload.go file. The vulnerability can be exploited by manipulating the fileName argument with a...

PandaX Security Vulnerability

PandaX is a Go language open source low-code development framework for enterprise IoT platforms from PandaX Open Source. A security vulnerability exists in PandaX version 20240310 and earlier versions, which stems from the incorrect manipulation of the parameter filename can lead to path traversa...

IBM DS8900F HMC Information Disclosure Vulnerability

The IBM DS8900F HMC is an enterprise-class disk storage system from International Business Machines IBM for storing and managing large-scale enterprise data. An information disclosure vulnerability exists in the IBM DS8900F HMC, which can be exploited by an attacker to read arbitrary files after...

Collabora Online Security Breach

Collabora Online is an application from Collabora UK. A powerful LibreOffice-based online office that supports all major document, spreadsheet and presentation file formats. Collabora Online suffers from a security vulnerability. An attacker can exploit the vulnerability to obtain the path to a...