5077 matches found
Synology DiskStation Manager Improper Encoding or Escaping of Output (CVE-2018-8920)
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager DSM before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format. This plugin only works with Tenable.ot. Please visit...
CVE-2021-38963
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on t...
CVE-2021-38963
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on t...
IBM Aspera Console 安全漏洞
IBM Aspera Console is a Web-based application from International Business Machines IBM, Inc. Allows users to centrally manage, monitor and control Aspera servers nodes and transports. A security vulnerability exists in IBM Aspera Console versions 3.4.0 through 3.4.4 that originates from CSV...
CVE-2021-38963 IBM Aspera Console CSV injection
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on t...
CVE-2021-38963
IBM Aspera Console versions 3.4.0–3.4.4 are affected by a CSV injection vulnerability that could allow a remote authenticated attacker to execute arbitrary code by persuading a user to open a crafted file. The issue affects IBM Aspera Console and is driven by CSV injection in the application. Rem...
CVE-2021-38963 IBM Aspera Console CSV injection
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on t...
Refuel Autolab Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code...
Refuel Autolab Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a user creates a multilabel classification task using a maliciously crafted CSV file containing Python...
GHSA-G2M8-F3X2-QPRW Refuel Autolab Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code...
GHSA-4FGP-7VVM-M4JF Refuel Autolab Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a user creates a multilabel classification task using a maliciously crafted CSV file containing Python...
CVE-2024-27320
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code...
CVE-2024-27321
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a user creates a multilabel classification task using a maliciously crafted CSV file containing Python...
CVE-2024-27320
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code...
CVE-2024-27320
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code...
CVE-2024-27320
The CVE-2024-27320 entry concerns the Refuel Autolabel library. The connected PT-2024-21820 and related sources confirm an arbitrary code execution flaw in versions 0.0.8 and newer, caused by handling of CSV files in classification tasks where Python code can be injected and executed via eval. Im...
Autolabel 安全漏洞
Autolabel is a Python library open-sourced by refuel-ai. It is used to label, clean, and enrich textual datasets using any Large Language Model LLM. A security vulnerability exists in Autolabel 0.0.8 and earlier versions, which stems from the presence of an arbitrary code execution vulnerability...
PT-2024-21820 · Unknown · Refuel Autolabel Library
Name of the Vulnerable Software and Affected Versions: Refuel Autolabel library versions 0.0.8 and newer Description: An arbitrary code execution issue exists due to the way the Refuel Autolabel library handles provided CSV files in its classification tasks. If a maliciously crafted CSV file...
CVE-2024-27113
An unauthenticated Insecure Direct Object Reference IDOR to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...
CVE-2024-27113 Insecure Direct Object Reference to export Database in SOPlanning before 1.52.02
An unauthenticated Insecure Direct Object Reference IDOR to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...