CVE-2024-1594 Local File Read via Path Traversal in mlflow/mlflow
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifact_location parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...
Mlflow Path Traversal Vulnerability
Mlflow is an open source platform for machine learning lifecycles. A path traversal vulnerability exists in Mlflow version 2.9.2, which can be exploited by an attacker to read arbitrary files in the context of a server process...
CVE-2024-25116
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the CF.RESERVE command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7...
CVE-2024-25116 Specially crafted CF.RESERVE command can lead to denial-of-service
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the CF.RESERVE command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7...
PT-2024-2328 · Cisco · Cisco IOS XR
Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software (affected versions not specified). Description: A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process,...
databases/mongodb* -- Improper Certificate Validation
MongoDB, Inc. reports: A security vulnerability was found where a server process running MongoDB 3.2.6 or later will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without...
MLflow Path Traversal Vulnerability
This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process...
GHSA-WV8Q-4F85-2P8P MLflow Path Traversal Vulnerability
This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process...
CVE-2023-6976
This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process...
CVE-2023-6976
CVE-2023-6976 is an Arbitrary File Write issue described across multiple sources (NVD, Red Hat, OSV, Veracode, GitHub advisories) affecting the server process’s ability to write files to arbitrary locations on the remote filesystem. Public descriptions consistently state the vulnerability enables...
Mlflow Code Issue Vulnerability
Mlflow is an open source platform for machine learning lifecycle. A code issue vulnerability exists in Mlflow. An attacker could exploit this vulnerability to write arbitrary files to an arbitrary location on a remote file system in a server process environment...
PT-2023-32832 · Bitnami +4 · Mlflow +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: This issue allows writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process. Recommendations: At th...
MagnusBilling Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'MagnusBilling application unauthenticated Remote Command Execution.', 'Description' = %q A Command Injection vulnerabilit...
Rocky Linux 8 : subversion:1.10 (RLSA-2020:4712)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:4712 advisory. - In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request...
MagnusBilling application unauthenticated Remote Command Execution.
A Command Injection vulnerability in MagnusBilling application 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request. A piece of demonstration code is present in lib/icepay/icepay.php, with a call to an exec. The parameter to exec includes the GET paramete...
Vapor's incorrect request error handling triggers server crash
Vapor incorrectly handles errors encountered during parsing of HTTP 1.x requests, triggering a precondition failure in swift-nio due to API misuse and causing immediate termination of the server process...
CVE-2023-41043 Discourse DoS via SvgSprite cache
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious admin could create extremely large icon sprites, which would then be cached in each server process. This may cause server...
CVE-2023-34341
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure, or data tampering...
Command Injection
Redis is vulnerable to Command Injection. The vulnerability allows authenticated users to use the 'MSETNX' command to trigger a runtime assertion and termination within the Redis server process...