27 matches found
SQL Injection
Overview dbgpt is a DB-GPT is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can beassured that there is no risk of data leakage, and your data is 100% private and secure. Affected versions of this packa...
CVE-2024-2195
A critical Remote Code Execution RCE vulnerability was identified in the aimhubio/aim project, specifically within the /api/runs/search/run/ endpoint, affecting versions = 3.0.0. The vulnerability resides in the runsearchapi function of the aim/web/api/runs/views.py file, where improper restricti...
PT-2024-2072 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions prior to v8.1.9 Description: The issue is related to a lack of proper authorization in requests fetching team-associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team they are not a member of...
PT-2023-30137 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.7.0 through 3.17.18 GitHub Enterprise Server versions 3.8.0 through 3.8.11 GitHub Enterprise Server versions 3.9.0 through 3.9.6 GitHub Enterprise Server versions 3.10.0 through 3.10.3 Description: The issu...
PT-2023-8221 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions prior to the fixed version Description: The issue is related to a lack of validation for relative paths in the /plugins/playbooks/api/v0/telemetry/run/ endpoint, allowing an attacker to use a path traversal payload to poin...
SUSE CVE-2013-1653
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code v...
DEBIAN-CVE-2013-1653
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code v...