2055 matches found

OSV
added 2024/06/17 9:20 p.m. (18 views)

GHSA-W877-JFW7-46RJ DeepJavaLibrary API absolute path traversal

Summary: DeepJavaLibrary (DJL) versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model Inference containers 0.27.0. Impacted versions: 0.1...

CVSS 10 | AI score 9.2 | EPSS 0.00655
Exploits 0 | References 8
NVD
added 2024/06/17 8:15 p.m. (27 views)

CVE-2024-37902

DeepJavaLibrary (DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model...

CVSS 10 | EPSS 0.00655
Exploits 0 | References 2
CVE
added 2024/06/17 7:25 p.m. (325 views)

CVE-2024-37902

Summary: CVE-2024-37902 affects the Java DeepJavaLibrary (DJL) up to version 0.27.0. The root cause is an absolute-path handling flaw in archived artifacts that can insert files directly into the system and overwrite system files. The issue is fixed in DJL v0.28.0 and also patched in the DJL Larg...

CVSS 10 | AI score 9.2 | EPSS 0.00655
Exploits 0 | References 2
CNNVD
added 2024/06/17 12:00 a.m. (3 views)

Deep Java Library Security Vulnerability

Deep Java Library is an open source, high-level, engine-independent deep learning Java framework from Deep Java Library Open Source. A security vulnerability exists in Deep Java Library version 0.1.0 up to and including version 0.27.0, which stems from a vulnerability that will not prevent an...

CVSS 10 | AI score 6.8 | EPSS 0.00655
Exploits 0 | References 3
GitLab Advisory Database
added 2024/06/17 12:00 a.m. (22 views)

DeepJavaLibrary API absolute path traversal

DeepJavaLibrary (DJL) versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model Inference containers 0.27.0. Impacted versions: 0.1.0 throu...

CVSS 10 | AI score 6.6 | EPSS 0.00655
Exploits 0 | References 9 | Affected software 1
OpenVAS
added 2024/06/07 12:00 a.m. (6 views)

Fedora: Security Advisory for rust-uu_realpath (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0 | References 2
Cvelist
added 2024/06/06 6:45 p.m. (16 views)

CVE-2024-5187 Arbitrary File Overwrite in download_model_with_test_data in onnx/onnx

A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...

CVSS 8.8 | EPSS 0.01168
Exploits 1 | References 1
Vulnrichment
added 2024/06/06 6:45 p.m. (11 views)

CVE-2024-5187 Arbitrary File Overwrite in download_model_with_test_data in onnx/onnx

A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...

CVSS 8.8 | AI score 7.7 | EPSS 0.01168
Exploits 1 | References 1
Cvelist
added 2024/06/06 6:19 p.m. (49 views)

CVE-2024-0520 Remote Code Execution due to Full Controlled File Write in mlflow/mlflow

A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the mlflow.data.httpdatasetsource.py module. Specifically, when loading a dataset from a source URL with an HTTP...

CVSS 10 | EPSS 0.02382
Exploits 1 | References 2
OpenVAS
added 2024/05/27 12:00 a.m. (7 views)

Fedora: Security Advisory for rust-uu_realpath (FEDORA-2024-ce2936b568)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0 | References 2
Fedora
added 2024/05/26 1:29 a.m. (12 views)

[SECURITY] Fedora 40 Update: rust-uu_realpath-0.0.23-3.fc40

realpath (uutils): display the resolved absolute path of PATHNAME...

AI score 7.3
Exploits 0
OSV
added 2024/05/21 4:15 p.m. (1 view)

CVE-2024-31844

An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able to craft specific requests in order to make the application generate an error. Inside a...

CVSS 5.3 | AI score 5.8 | EPSS 0.00524
Exploits 1 | References 1
NVD
added 2024/05/17 9:15 a.m. (15 views)

CVE-2023-46784

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar (ics-calendar) allows Absolute Path Traversal, Server Side Request Forgery. This issue affects ICS Calendar: from n/a through...

CVSS 8.2 | AI score 8.2 | EPSS 0.00499
Exploits 0 | References 1
Vulnrichment
added 2024/05/17 8:34 a.m. (20 views)

CVE-2023-46784 WordPress ICS Calendar plugin <= 10.12.0.3 - SSRF and Arbitrary File Read vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar (ics-calendar) allows Absolute Path Traversal, Server Side Request Forgery. This issue affects ICS Calendar: from n/a through...

CVSS 8.2 | AI score 6.8 | EPSS 0.00499
Exploits 0 | References 1
Cvelist
added 2024/05/17 8:34 a.m. (18 views)

CVE-2023-46784 WordPress ICS Calendar plugin <= 10.12.0.3 - SSRF and Arbitrary File Read vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar (ics-calendar) allows Absolute Path Traversal, Server Side Request Forgery. This issue affects ICS Calendar: from n/a through...

CVSS 8.2 | AI score 8.2 | EPSS 0.00499
Exploits 0 | References 1
NVD
added 2024/05/17 7:15 a.m. (20 views)

CVE-2023-25050

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vova Anokhin Shortcodes Ultimate allows Absolute Path Traversal. This issue affects Shortcodes Ultimate: from n/a through 5.12.6...

CVSS 7.1 | AI score 6.9 | EPSS 0.00591
Exploits 0 | References 1
Positive Technologies
added 2024/05/16 12:00 a.m. (5 views)

PT-2024-5048 · Unknown · Deepjavalibrary

Name of the Vulnerable Software and Affected Versions: DeepJavaLibrary (DJL) versions 0.1.0 through 0.27.0. Description: The issue is related to the incorrect restriction of the directory path name with limited access. This can allow a remote attacker to overwrite system files. The estimated number o...

CVSS 10 | AI score 6.7 | EPSS 0.00655
Exploits 0 | References 15
Tenable Nessus
added 2024/05/11 12:00 a.m. (30 views)

RHEL 7 : podman (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - podman: symlink exchange attack in podman export volume (CVE-2023-0778) - A vulnerability was found in...

AI score 4.9 | EPSS 0.00797
Exploits 0 | References 3
OSV
added 2024/05/07 4:15 p.m. (4 views)

CVE-2024-33858

An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The sourcename parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory...

CVSS 5.3 | AI score 5.8 | EPSS 0.00487
Exploits 0 | References 2
NVD
added 2024/05/07 4:15 p.m. (11 views)

CVE-2024-33858

An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The sourcename parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory...

CVSS 5.3 | AI score 6.7 | EPSS 0.00487
Exploits 0 | References 2