Lucene search
K

169 matches found

osv
osv
added 2024/10/24 6:32 p.m.8 views

GHSA-QFWQ-6JH6-8XX4 OpenRefine has a path traversal in LoadLanguageCommand

The load-language command expects a lang parameter from which it constructs the path of the localization file to load, of the form translations-$LANG.json. When doing so, it does not check that the resulting path is in the expected directory, which means that this command could be exploited to re...

7.1CVSS5.8AI score0.00597EPSS
Exploits0References4
github
github
added 2024/10/24 6:32 p.m.24 views

OpenRefine has a path traversal in LoadLanguageCommand

The load-language command expects a lang parameter from which it constructs the path of the localization file to load, of the form translations-$LANG.json. When doing so, it does not check that the resulting path is in the expected directory, which means that this command could be exploited to re...

7.1CVSS6.6AI score0.00597EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2024/06/27 7:15 p.m.25 views

CVE-2024-6090

A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in .json on the target system, leading to a denial of service as users are unable to...

7.5CVSS0.00852EPSS
Exploits1References2
cve
cve
added 2024/06/27 6:40 p.m.54 views

CVE-2024-6090

CVE-2024-6090 is a path traversal vulnerability in gaizhenbiao/chuanhuchatgpt (version 20240410). The underlying issue allows an attacker to delete other users’ chat histories and, per reports, any files ending in .json on the target system, which can cause a denial of service by breaking authent...

7.5CVSS7.4AI score0.00852EPSS
Exploits1References2Affected Software1
nessus
nessus
added 2024/06/26 12:0 a.m.22 views

Ubuntu 24.04 LTS : Google Guest Agent and Google OS Config Agent vulnerability (USN-6746-2)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6746-2 advisory. USN-6746-1 fixed vulnerabilities in Google Guest Agent and Google OS Config Agent. This update provides the corresponding update for Ubuntu 24.04 LTS. Tenable has...

7.5CVSS7AI score0.01262EPSS
Exploits0References2
openvas
openvas
added 2024/04/24 12:0 a.m.25 views

Ubuntu: Security Advisory (USN-6746-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.01262EPSS
Exploits0References2
osv
osv
added 2024/04/23 11:38 a.m.3 views

USN-6746-1 google-guest-agent, google-osconfig-agent vulnerability

It was discovered that Google Guest Agent and Google OS Config Agent incorrectly handled certain JSON files. An attacker could possibly use this issue to cause a denial of service...

7.5CVSS6.7AI score0.01262EPSS
Exploits0References2
nvd
nvd
added 2024/04/12 10:15 p.m.54 views

CVE-2024-31462

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The createui method Backup/Restore tab in modules/uiextensions.py takes user input into the configsavenam...

6.3CVSS6.3AI score0.0068EPSS
Exploits0References10
osv
osv
added 2024/04/12 9:41 p.m.28 views

CVE-2024-31462 Limited file write in Stable-diffusion-webui - GHSL-2024-010

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The createui method Backup/Restore tab in modules/uiextensions.py takes user input into the configsavenam...

6.3CVSS6.8AI score0.0068EPSS
Exploits0References12
cvelist
cvelist
added 2024/04/12 9:41 p.m.38 views

CVE-2024-31462 Limited file write in Stable-diffusion-webui - GHSL-2024-010

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The createui method Backup/Restore tab in modules/uiextensions.py takes user input into the configsavenam...

6.3CVSS6.5AI score0.0068EPSS
Exploits0References10
cve
cve
added 2024/04/12 9:41 p.m.79 views

CVE-2024-31462

The CVE-2024-31462 entry concerns stable-diffusion-webui (v1.7.0) with a limited file write vulnerability. The root cause is in the create_ui function (Backup/Restore tab) within modules/ui_extensions.py, where user input is captured into config_save_name and later used to form a file path that i...

6.3CVSS6.8AI score0.0068EPSS
Exploits0References10
cnnvd
cnnvd
added 2024/04/12 12:0 a.m.7 views

Stable Diffusion web UI 安全漏洞

Stable Diffusion web UI is a web interface by the individual developer of AUTOMATIC1111. A security vulnerability exists in Stable Diffusion web UI version 1.7.0, which stems from the presence of a file write vulnerability. An attacker can exploit the vulnerability to write a json file anywhere t...

6.3CVSS6.7AI score0.0068EPSS
Exploits0References10
ubuntu
ubuntu
added 2024/03/25 12:1 p.m.40 views

USN-6713-1: QPDF vulnerability

It was discovered that QPDF incorrectly handled certain memory operations when decoding JSON files. If a user or automated system were tricked into processing a specially crafted JSON file, QPDF could be made to crash, resulting in a denial of service, or possibly execute arbitrary code...

5.5CVSS6.8AI score0.00436EPSS
Exploits1
redhat
redhat
added 2024/03/05 6:4 p.m.2 views

libfastjson: integer overflow and out-of-bounds write via a large JSON file

A flaw was found in json-c. In printbufmemappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS6.8AI score0.01888EPSS
Exploits1References4
redhat
redhat
added 2024/01/30 1:28 p.m.5 views

libfastjson: integer overflow and out-of-bounds write via a large JSON file

A flaw was found in json-c. In printbufmemappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS6.4AI score0.01888EPSS
Exploits1References4
redhat
redhat
added 2024/01/25 8:32 a.m.15 views

libfastjson: integer overflow and out-of-bounds write via a large JSON file

A flaw was found in json-c. In printbufmemappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS6.4AI score0.01888EPSS
Exploits1References4
redhat
redhat
added 2023/11/14 3:36 p.m.9 views

libfastjson: integer overflow and out-of-bounds write via a large JSON file

A flaw was found in json-c. In printbufmemappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS6.4AI score0.01888EPSS
Exploits1References4
prion
prion
added 2023/10/12 7:15 a.m.22 views

Buffer overflow

The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbxjsonopen...

4.4CVSS7.8AI score0.0069EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2023/10/12 6:6 a.m.13 views

CVE-2023-32722 Stack-buffer Overflow in library module zbxjson

The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbxjsonopen...

9.6CVSS7.2AI score0.0069EPSS
Exploits0References1
osv
osv
added 2023/08/28 7:18 p.m.6 views

USN-6310-1 json-c vulnerability

It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

9.8CVSS7.4AI score0.01071EPSS
Exploits1References2
Rows per page
Query Builder