Lucene search
K

101 matches found

NVD
NVD
added 2025/02/13 2:16 p.m.9 views

CVE-2025-1247

A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information...

8.3CVSS0.00724EPSS
Exploits0References6
CVE
CVE
added 2025/02/13 1:26 p.m.283 views

CVE-2025-1247

CVE-2025-1247 affects Quarkus REST: a flaw where request parameters leak between concurrent requests when endpoints use field injection without a CDI scope. Root cause is shared per-request data in fields; attackers could manipulate data, impersonate users, or access sensitive information. Mitiga...

8.3CVSS6.8AI score0.00724EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/02/05 12:22 p.m.7 views

CVE-2024-52398

Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI collect-and-deliver-interface-for-woocommerce.This issue affects CDI: from n/a through = 5.5.3...

9.1CVSS7.2AI score0.00476EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/22 12:0 a.m.5 views

PT-2025-5678 · Unknown +1 · Nbdkit-Server +9

Name of the Vulnerable Software and Affected Versions: cdi-apiserver-container affected versions not specified cdi-cloner-container affected versions not specified cdi-controller-container affected versions not specified cdi-importer-container affected versions not specified cdi-operator-containe...

7.2AI score
Exploits0References2
NVD
NVD
added 2024/11/16 10:15 p.m.13 views

CVE-2024-52398

Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI collect-and-deliver-interface-for-woocommerce.This issue affects CDI: from n/a through = 5.5.3...

9.1CVSS0.00476EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/16 10:8 p.m.10 views

CVE-2024-52398 WordPress CDI plugin <= 5.5.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI.This issue affects CDI: from n/a through 5.5.3...

9.1CVSS7AI score0.00476EPSS
Exploits0References1
CVE
CVE
added 2024/11/16 10:8 p.m.52 views

CVE-2024-52398

CVE-2024-52398 affects the WordPress plugin CDI (Collect and Deliver Interface for WooCommerce) with versions up to and including 5.5.3. The vulnerability is Unrestricted Upload of File with Dangerous Type, enabling arbitrary file uploads. Public references in Red Hat advisories and Patchstack co...

9.1CVSS7.2AI score0.00476EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/16 12:0 a.m.5 views

PT-2024-35236 · Unknown · Halyra Cdi

Name of the Vulnerable Software and Affected Versions: Halyra CDI versions n/a through 5.5.3 Description: The issue is related to an Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI. This allows for the upload of files with dangerous types. Recommendations: For versions...

9.1CVSS9.4AI score0.00476EPSS
Exploits0References9
Patchstack
Patchstack
added 2024/11/13 8:43 a.m.6 views

WordPress CDI plugin <= 5.5.3 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin CDI versions = 5.5.3...

9.1CVSS7AI score0.00476EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/11/13 12:0 a.m.13 views

WordPress CDI Plugin <= 5.5.3 is vulnerable to Arbitrary File Upload

Software CDI Type Plugin Vulnerable versions = 5.5.3 Fixed in 5.5.6 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52398 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID a3849d91bb27 Credits Joshua Chan Required privilege Shop manager...

9.1CVSS6.8AI score0.00476EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/29 7:52 p.m.19 views

NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system

NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to...

4.1CVSS7AI score0.00235EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/10/29 7:48 p.m.11 views

GHSA-MJJW-553X-87PQ NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use TOCTOU vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of...

9.3CVSS9.1AI score0.37055EPSS
Exploits2References6
Github Security Blog
Github Security Blog
added 2024/10/29 7:48 p.m.19 views

NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use TOCTOU vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of...

9CVSS7.8AI score0.37055EPSS
Exploits2References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/10/29 12:0 a.m.15 views

NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use TOCTOU vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of...

9CVSS7.3AI score0.37055EPSS
Exploits2References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/10/11 12:0 a.m.25 views

CBL Mariner 2.0 Security Update: nvidia-container-toolkit (CVE-2024-0132)

The version of nvidia-container-toolkit installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0132 advisory. - NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use TOCTOU...

9CVSS8.7AI score0.37055EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2024/10/08 4:26 p.m.14 views

CVE-2024-9622 Resteasy-netty4-cdi: resteasy-netty4: resteasy-reactor-netty: http request smuggling leading to client timeouts in resteasy-netty4

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BADMESSAGE state. As a result, an...

5.3CVSS5.2AI score0.00653EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/09/28 3:17 a.m.3 views

SUSE CVE-2024-0133

NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to...

4.7CVSS6.8AI score0.00235EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2024/09/26 7:8 a.m.22 views

CVE-2024-0133

A flaw was found in the in the default mode of operation in the NVIDIA Container Toolkit. This flaw allows a specially crafted container image to create empty files on the host file system. This issue does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead...

3.4CVSS6.6AI score0.00235EPSS
Exploits0References4
OSV
OSV
added 2024/09/26 6:15 a.m.4 views

AZL-50184 CVE-2024-0133 affecting package nvidia-container-toolkit for versions less than 1.16.2-1

NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to...

3.4CVSS7.1AI score0.00235EPSS
Exploits0References1
OSV
OSV
added 2024/09/26 6:15 a.m.3 views

CVE-2024-0133

NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to...

3.4CVSS7.1AI score0.00235EPSS
Exploits0References1
Rows per page
Query Builder