Lucene search
K

55 matches found

Cvelist
Cvelist
added 2024/07/22 3:21 p.m.39 views

CVE-2024-39688 fishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config function

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is concatenated with other folders and used to open a new file in the generateconfig function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitra...

6.5CVSS0.00501EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/07/22 12:0 a.m.4 views

PT-2024-28627 · Bert-Vits · Bert-Vits

Name of the Vulnerable Software and Affected Versions: Bert-VITS2 versions 2.3 and earlier Description: The issue is related to the data dir variable, where user input is concatenated with other folders and used to open a new file in the generate config function, leading to a limited file write...

6.5CVSS6.8AI score0.00501EPSS
Exploits1References7
NVD
NVD
added 2024/06/06 7:16 p.m.45 views

CVE-2024-3234

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the webassets folder. However, the outdated version of gradio it employs is susceptible to pa...

9.8CVSS0.03757EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/06/06 6:20 p.m.46 views

CVE-2024-3234 Path Traversal in gaizhenbiao/chuanhuchatgpt

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the webassets folder. However, the outdated version of gradio it employs is susceptible to pa...

9.8CVSS0.03757EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/10 5:8 p.m.16 views

CVE-2024-2217 Improper Access Control in gaizhenbiao/chuanhuchatgpt

gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the config.json file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys...

7.5CVSS6.6AI score0.00779EPSS
Exploits1References2
OSV
OSV
added 2024/03/06 11:4 a.m.71 views

BIT-MATTERMOST-2022-1332

One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents...

4.3CVSS4.4AI score0.00625EPSS
Exploits0References2
NVD
NVD
added 2024/02/20 10:15 p.m.17 views

CVE-2024-26136

kedi ElectronCord is a bot management tool for Discord. Commit aaaeaf4e6c99893827b2eea4dd02f755e1e24041 exposes an account access token in the config.json file. Malicious actors could potentially exploit this vulnerability to gain unauthorized access to sensitive information or perform malicious...

7.5CVSS7.5AI score0.00539EPSS
Exploits0References2
CVE
CVE
added 2024/02/20 9:40 p.m.76 views

CVE-2024-26136

CVE-2024-26136 — kedi ElectronCord is a Discord bot-management tool. The issue arises from a commit that exposes an account access token in the config.json file, enabling potential unauthorized access or actions on behalf of the repository owner. Several connected sources corroborate token exposu...

7.5CVSS7.5AI score0.00539EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/02/20 12:0 a.m.6 views

kedi ElectronCord Security Vulnerability

kedi ElectronCord is a bot management tool for Discord. A security vulnerability exists in kedi ElectronCord that originates from allowing account access tokens to be exposed in the "config.json" file...

7.5CVSS6.7AI score0.00539EPSS
Exploits0References3
Veracode
Veracode
added 2023/12/22 6:58 a.m.18 views

Insecure Deserialization

huggingface transformers is vulnerable to Insecure Deserialization. The vulnerability is due to the ability to load arbitrary pickle files from other repos specified by the indexpath while parsing the remote config.json fille. An attacker can exploit this flaw to execute arbitrary code on the...

8.8CVSS7.6AI score0.00921EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2023/06/02 4:15 p.m.18 views

Design/Logic Flaw

ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanghuChatGPT project, when authentication is not configured. The attacker can...

5CVSS5.3AI score0.00624EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/06/02 3:19 p.m.51 views

CVE-2023-34094

Summary: CVE-2023-34094 affects the ChuanhuChatGPT GUI for ChatGPT and related LLMs. A vulnerability in versions 20230526 and earlier allows an unauthenticated attacker to read the private config.json file, enabling theft of API keys stored there. The issue arises when authentication is not confi...

7.5CVSS6AI score0.00624EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/06/02 3:19 p.m.45 views

CVE-2023-34094 ChuanhuChatGPT vulnerable to unauthorized configuration file access

ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanghuChatGPT project, when authentication is not configured. The attacker can...

7.5CVSS7.7AI score0.00624EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/11/08 11:35 a.m.173 views

Low: Red Hat Security Advisory: container-tools:rhel8 security, bug fix, and enhancement update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.1CVSS6.7AI score0.00331EPSS
Exploits2References21
Rockylinux
Rockylinux
added 2022/10/25 7:32 a.m.22 views

container-tools:rhel8 bug fix and enhancement update

An update is available for fuse-overlayfs, container-selinux, udica, containers-common, runc, toolbox, podman, conmon, skopeo, crun, libslirp, oci-seccomp-bpf-hook, python-podman, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common...

0.2AI score
Exploits0
OSV
OSV
added 2022/05/24 5:21 p.m.4 views

GHSA-9W4V-9C99-HV7R Mattermost Server exposes sensitive information via its System Console UI

An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information credential fields within config.json via the System Console UI...

7.1CVSS6.6AI score0.00933EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/04/14 12:0 a.m.22 views

Improper Privilege Management in Mattermost

One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents. Per the Mattermost security updates...

4.3CVSS5.5AI score0.00625EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2022/04/13 6:15 p.m.32 views

CVE-2022-1332

One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents...

4.3CVSS0.00625EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/04/13 5:6 p.m.36 views

CVE-2022-1332 Restricted custom admin role can bypass the restrictions and view the server logs and server config.json file contents

One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents...

4.3CVSS4.9AI score0.00625EPSS
Exploits0References1
OSV
OSV
added 2022/04/13 5:6 p.m.17 views

CVE-2022-1332 Restricted custom admin role can bypass the restrictions and view the server logs and server config.json file contents

One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents...

4.3CVSS5.9AI score0.00625EPSS
Exploits0References3
Rows per page
Query Builder