13 matches found
CVE-2024-2602
CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered by a malicious actor...
EUVD-2017-7875
Malware in sbrugna...
EUVD-2021-8026
Malicious code in bioql PyPI...
Deserialization of Untrusted Data
Overview ms-swift is a Swift: Scalable lightWeight Infrastructure for Fine-Tuning Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the loadmodelmeta function. An attacker can execute arbitrary code by supplying a maliciously crafted serialized .mdl file th...
ABB Cylon Aspect 3.08.01 caldavUpload.php Funkalicious Exploit
Yo, check it - the ABB BMS/BAS system's got a slick little weakness in them caldavInstall.php, caldavInstallAgendav.php, and caldavUpload.php files. All you gotta do is drop that skipChecksum beat in the POST vibe, and bam, the system skips all that MD5 checksum nonsense, no EXPERTMODE needed to...
shared_preferences_android vulnerability
Due to some data types not being natively representable for the available storage options, sharedpreferencesandroid serializes and deserializes special string prefixes to store these unrepresentable data types. This allows arbitrary classes to be deserialized leading to arbitrary code execution. ...
GHSA-JRH5-VHR9-QH7Q Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution
Summary A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme e.g., file://file:////. This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads,...
SUSE-SU-2024:0592-1 Security update for php-composer2
This update for php-composer2 fixes the following issues: - CVE-2024-24821: Fixed potential arbitrary code execution when Composer is invoked within a directory with tampered files bsc1219757...
SUSE CVE-2024-24821
Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local...
UBUNTU-CVE-2024-24821
Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local...
CVE-2024-24821 Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php in Composer
Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local...
PYSEC-2021-613
TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure ...
CVE-2017-16691
SAP Note Assistant tool SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52 supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible...