PT-2024-32858 · Gradio · Gradio
Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 5.0. Description: This issue is related to a lack of integrity check on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from...
Gradio Data Forgery Vulnerability
Gradio is an open source Python library from Hugging Face for demonstrating machine learning models through a friendly web interface. Gradio has a data forgery vulnerability that stems from the fact that if an attacker gains access to the remote URL where th...
Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function
The heap-buffer-overflow is triggered in the strlen function when handling the c_chars_to_str function in the dbn crate. This vulnerability occurs because the CStr::from_ptr function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars arr...
GHSA-PFR9-2P92-QRHQ Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function
The heap-buffer-overflow is triggered in the strlen function when handling the c_chars_to_str function in the dbn crate. This vulnerability occurs because the CStr::from_ptr function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars arr...
Autodesk Navisworks Manage Installed (Windows)
Binary data autodesknavisworksmanagewininstalled.nbin...
Autodesk Navisworks Simulate Installed (Windows)
Binary data autodesknavisworkssimulatewininstalled.nbin...
Autodesk Navisworks Freedom Installed (Windows)
Binary data autodesknavisworksfreedomwininstalled.nbin...
CVE-2024-47046
A vulnerability has been identified in Simcenter Femap V2306 All versions, Simcenter Femap V2401 All versions, Simcenter Femap V2406 All versions. The affected application is vulnerable to memory corruption while parsing specially crafted BDF files. This could allow an attacker to execute code in...
CVE-2024-21533
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...
CVE-2024-21533
GGIT is affected across all versions by Arbitrary Argument Injection via the clone() API. The root cause is failure to sanitize user input and validate URL schemes, plus improper handling of git command-line flags (using -- to end options). Public details include a PoC from Snyk and a GitHub gist...
CVE-2024-8927
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, the HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP...
CVE-2024-8927
CVE-2024-8927 affects PHP CGI: in PHP 8.1.x/8.2.x/8.3.x, the CGI wrapper relies on the HTTP_REDIRECT_STATUS variable to determine if a CGI binary is run by the server. In some configurations this value can be influenced by HTTP headers, bypassing cgi.force_redirect and potentially enabling arbitr...
FastStone Image Viewer Installed (Windows)
Binary data faststoneimageviewerinstalled.nbin...
PostgreSQL pgAdmin4 Installed (Windows)
Binary data postgresqlpgadmin4wininstalled.nbin...
Progress Telerik UI for WinForms Installed
Binary data progresstelerikuiforwinformsinstalled.nbin...
PostgreSQL pgAdmin4 Installed (macOS)
Binary data postgresqlpgadmin4macosinstalled.nbin...
CVE-2024-41511
A Path Traversal Local File Inclusion vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the "path" parameter...