9 matches found
CVE-2021-27117
An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2 that allows attackers to launch symlink attacks locally...
Ray OS Command Injection vulnerability
A command injection exists in Ray's cpuprofile URL parameter, allowing attackers to execute OS commands on the system running the Ray dashboard remotely without authentication...
GHSA-H3XG-WV58-5P43 Ray OS Command Injection vulnerability
A command injection exists in Ray's cpuprofile URL parameter, allowing attackers to execute OS commands on the system running the Ray dashboard remotely without authentication...
CVE-2023-6019 Ray Command Injection in cpu_profile Parameter
A command injection existed in Ray's cpuprofile URL parameter, allowing attackers to execute OS commands on the system running the Ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here:...
CVE-2023-6019
Ray’s CVE-2023-6019 is an RCE via the cpu_profile URL parameter on the Ray dashboard, allowing remote code execution without authentication. Exploitation evidence exists in public Metasploit modules for Ray CPU profile injection, and related LFI/RCE advisories corroborate the class of impact. The...
Ray Operating System Command Injection Vulnerability
Ray is a unified framework for scaling AI and Python applications, open-sourced by ray-project. Ray suffers from an OS command injection vulnerability in the cpuprofile URL parameter. An attacker can exploit this vulnerability to run the Ray...
PT-2023-8891 · Ray · Ray
Name of the Vulnerable Software and Affected Versions: Ray (affected versions not specified). Description: The issue exists due to the lack of neutralization of special elements used in operating system commands. This allows a remote attacker to execute arbitrary commands using specially...
Clario: Multiple Information Disclosure with Go PPROF on api-ne.mackeeper.com
Summary: Multiple Information Disclosure with Go PPROF on api-ne.mackeeper.com. Steps To Reproduce: Go to: https://api-ne.mackeeper.com/debug/pprof/ You will see these links: - allocs: A sampling of all past memory allocations - block: Stack traces that led to blocking on synchronization primitives...
Moderate: Red Hat Security Advisory: org.ovirt.engine-root security, bug fix, and enhancement update
An update for org.ovirt.engine-root is now available for RHEV Engine version 4.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...