14 matches found
PT-2024-32456 · Cvat · Cvat
Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool CVAT versions prior to 2.19.1 Description: The issue allows an attacker with a CVAT account to retrieve certain information about any project, task, job, or membership resource on the CVAT instance. This...
Virtuozzo Hybrid Infrastructure 6.2 Update 1 (6.2.1-51)
In this release, Virtuozzo Hybrid Infrastructure provides stability and performance improvements, as well as addresses issues found in previous releases. Vulnerability id: VSTOR-68405 Failed to deploy the compute cluster due to an issue with the default storage policy. Vulnerability id: VSTOR-880...
CVE-2024-41806
The Open edX Platform is a learning management platform. Instructors can upload CSV files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the Django default storage. With certain storage backends, uploads may become publicly available...
CVE-2024-41806
Open edX Platform's instructor CSV uploads for cohorts can be publicly accessible when using certain storage backends. The root cause is that uploads to AWS S3 buckets could be written with a public ACL in affected branches (master, palm, olive, nutmeg, maple, lilac, koa, juniper). A patch (commi...
CVE-2024-41806 Open edX Platform's instructor upload CSV for cohort creation not Private by Default
The Open edX Platform is a learning management platform. Instructors can upload CSV files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the Django default storage. With certain storage backends, uploads may become publicly available...
Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path Vulnerability
Exploit Title: Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47878 Introduction...
Jedox 2020.2.5 Configurable Storage Path Remote Code Execution
Exploit Title: Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47878...
CVE-2022-47878
Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code. NOTE: The vendor states that the vulnerability...
CVE-2022-47878
Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code. NOTE: The vendor states that the vulnerability...
Input validation
Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code...
Jedox Code Issue Vulnerability
Jedox is a corporate performance management software from Jedox Inc. for planning, analyzing and reporting in finance and other areas such as sales, human resources and purchasing. A code issue vulnerability exists in Jedox version 2020.2.5, which stems from incorrect input validation of the...
PT-2023-15510 · Jedox · Jedox
Name of the Vulnerable Software and Affected Versions: Jedox version 2020.2.5 Description: The issue is related to incorrect input validation for the default-storage-path in the settings page, allowing remote, authenticated users to specify the location as the Webroot directory. This can lead to...
Virtuozzo Hybrid Infrastructure 5.3 (5.3.0-130)
In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover Kubernetes as a Service, storage performance, security, monitoring and alerts, and the user interface. Additionally, this release delivers stability improvements and addresses issues found in previous...
Virtuozzo Hybrid Infrastructure 4.6 Update 2
This update provides bug fixes and improvements. Vulnerability id: VSTOR-45618 Incorrect storage usage values are reported. Vulnerability id: VSTOR-45724 Some users cannot access S3 via the user panel. Vulnerability id: VSTOR-44252 Detection of slow disks works inside virtual environments...