21 matches found

Snyk
added 2026/04/01 9:14 p.m., 3 views

UNIX Symbolic Link (Symlink) Following

Overview: onnx is an Open Neural Network Exchange. Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink) Following in the resolveexternaldatalocation function. An attacker can access arbitrary files outside the intended directory by supplying a symlink within the model...

CVSS 6.7, AI score 6, EPSS 0.00005
Exploits 1, References 3
CNNVD
added 2025/09/15 12:00 a.m., 2 views

Apple macOS Sonoma and Apple macOS Tahoe Security Vulnerability

Apple macOS Sequoia and Apple macOS Tahoe are both operating systems from Apple USA Inc. A security vulnerability exists in Apple macOS Sonoma prior to version 14.8 and Apple macOS Tahoe prior to version 26, which stems from improper location of sensitive data and could result in applications...

CVSS 5.5, AI score 6.1, EPSS 0.00023
Exploits 0, References 5
OSV
added 2025/09/12 11:46 a.m., 3 views

BIT-NIFI-2023-34212 Apache NiFi: Potential Deserialization of Untrusted Data with JNDI in JMS Components

The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location...

CVSS 6.5, AI score 7, EPSS 0.00779
Exploits 1, References 4
Microsoft CVE
added 2025/09/04 11:33 a.m., 4 views

Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions.

...

CVSS 8.8, AI score 7, EPSS 0.00366
Exploits 1
NVD
added 2025/08/09 1:15 p.m., 4 views

CVE-2025-7020

An incorrect encryption implementation vulnerability exists in the system log dump feature of BYD's DiLink 3.0 OS (e.g. in the model ATTO3). An attacker with physical access to the vehicle can bypass the encryption of log dumps on the In-Vehicle Infotainment (IVI) unit's storage. This allows the...

CVSS 5.1, EPSS 0.00027
Exploits 0, References 1
SUSE CVE
added 2025/07/23 11:22 p.m., 1 view

SUSE CVE-2025-51480

Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions...

CVSS 8.8, AI score 7, EPSS 0.00366
Exploits 1, References 3
Snyk
added 2025/07/22 4:44 p.m., 2 views

Directory Traversal

Overview: onnx is an Open Neural Network Exchange. Affected versions of this package are vulnerable to Directory Traversal via the save_external_data function. An attacker can overwrite arbitrary files by supplying crafted values to the external_data.location parameter containing traversal sequences,...

CVSS 8.8, AI score 7.6, EPSS 0.00366
Exploits 1, References 2
OSV
added 2025/07/22 4:15 p.m., 0 views

UBUNTU-CVE-2025-51480

Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions...

CVSS 8.8, AI score 5.9, EPSS 0.00366
Exploits 1, References 7
SUSE CVE
added 2023/02/15 4:11 a.m., 1 view

SUSE CVE-2019-13113

Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file...

CVSS 4.3, AI score 7.6, EPSS 0.00222
Exploits 1, References 4
SUSE CVE
added 2023/02/15 3:21 a.m., 1 view

SUSE CVE-2023-0597

A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stacks or other important data. A local user could use this flaw to get access to some important data with expected location in memory...

CVSS 5.5, AI score 5.9, EPSS 0.00019
Exploits 1, References 33
Imperva Blog
added 2022/04/27 12:28 p.m., 19 views

6 Best Data Security Practices You Can Start Today

Given the dramatic increases in the volume and frequency of data theft due to breaches and the increased threat of cyberattacks resulting from current conflicts, organizations worldwide are prioritizing tactical and strategic efforts to shore up their data security. Here are six best practices yo...

AI score 0.4
Exploits 0
Code423n4
added 2021/09/22 12:00 a.m., 10 views

Incorrect data location specifier can be abused to cause DoS and fund loss

Handle: 0xRajeev. Vulnerability details. Impact: The withdrawBounty loops through the bounties array looking for active bounties and transferring amounts from active ones. However, the data location specifier used for bounty is memory which makes a copy of the bounties array member instead of a...

AI score 6.8
Exploits 0
Tenable Nessus
added 2020/11/18 12:00 a.m., 32 views

RHEL 8 : exiv2 (RHSA-2020:1577)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1577 advisory. The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, IPTC, and JPEG comments. The...

CVSS 8.8, AI score 6.7, EPSS 0.03067
Exploits 26, References 65
Imperva Blog
added 2019/12/25 1:30 p.m., 84 views

Serverless ETLs? Easy Data Lake Transformations using AWS Athena

In a data lake, raw data is added with little or no processing, allowing you to query it straight away. This gives you a great way to learn about your data - whether it represents a quick win or a fast fall. However, there are two disadvantages: performance and costs. If, for example, you added CSV...

AI score 7.3
Exploits 0
CNVD
added 2019/07/01 12:00 a.m., 1 view

Exiv2 Input Validation Error Vulnerability

Exiv2 is a set of C++ libraries and command line applications for managing image metadata, from programmer Andreas Huggel. The product provides the ability to read and write image metadata in a variety of formats including EXIF, IPTC and XMP. An input validation error vulnerability exists in Exiv2...

CVSS 6.5, AI score 8.4, EPSS 0.00222
Exploits 1, References 1
OSV
added 2019/06/30 11:15 p.m., 1 view

DEBIAN-CVE-2019-13113

Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file...

CVSS 6.5, AI score 7.5, EPSS 0.00222
Exploits 1, References 1
OSV
added 2019/06/30 11:15 p.m., 1 view

ALPINE-CVE-2019-13113

Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file...

CVSS 6.5, AI score 6.7, EPSS 0.00222
Exploits 1, References 1
ATTACKERKB
added 2019/06/30 11:15 p.m., 2 views

CVE-2019-13113

Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file...

CVSS 6.5, AI score 5.5, EPSS 0.00222
Exploits 1, References 7
UbuntuCve
added 2019/06/30 12:00 a.m., 17 views

CVE-2019-13113

Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file...

CVSS 6.5, AI score 6.8, EPSS 0.00222
Exploits 1, References 4
Veeam
added 2017/12/18 12:00 a.m., 17 views

Release Notes for Veeam Backup & Replication 9.5 Update 3

More Recent Version Available: Please find the latest version of Veeam Backup & Replication here: Veeam Downloads - Latest Version. Challenge: Release Notes for Veeam Backup & Replication 9.5 Update 3. Cause: Please confirm you are running version 9.5.0.580, 9.5.0.711, 9.5.0.802, 9.5.0.823, 9.5.0.1038...

AI score 6.5
Exploits 0, Affected Software 1