CVE-2024-53844 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in labsai/eddi

E.D.D.I Enhanced Dialog Driven Interface is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestExportService.java. This vulnerability allows an attacker to access sensitive files on the server by...

CVE-2024-53844 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in labsai/eddi

E.D.D.I Enhanced Dialog Driven Interface is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestExportService.java. This vulnerability allows an attacker to access sensitive files on the server by...

CVE-2024-53844

CVE-2024-53844 affects labsai/eddi (EDDI), a middleware for LLM API bots. The vulnerability is a path traversal in the backup export functionality, exploitable via the botFilename parameter in RestExportService.java. Input is not properly sanitized, allowing attackers to access arbitrary files in...

Exploit for CVE-2024-21534

Vulnerability Information: CVE-2024-21534 The jsonpath-plus...

Astra Linux – Vulnerability in docker.io-app

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The likelihood of this being exploited...

Exploit for CVE-2024-4439

CVE-2024-4439 CVE-2024-4439: Docker and POC Lab Setting...

ROS-20241121-04

Vulnerability of authorization plugins AuthZ of the software for automating deployment and management of applications in containerized environments Docker Engine is related to flaws in the AuthZ plugin. application management in containerization-enabled environments Docker Engine is related to...

Exploit for Allocation of Resources Without Limits or Throttling in Vmware Spring_Framework

Spring CVE-2022-22970 Proof of Concept This repo contains...

CVE-2024-11075

A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system e.g. local or via SSH a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration...

CVE-2024-11075 SICK Incoming Goods Suite privilege escalation vulnerability

A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system e.g. local or via SSH a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration...

CVE-2024-11075 SICK Incoming Goods Suite privilege escalation vulnerability

A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system e.g. local or via SSH a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration...

CVE-2024-11075

The CVE-2024-11075 entry concerns SICK’s Incoming Goods Suite. The description attributes privilege escalation to the use of component vendor Docker images running with root permissions, enabling an unprivileged user with local access to gain administrative control over the system. Affected produ...

Moderate: Red Hat Security Advisory: buildah security update

An update for buildah is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

SICK Incoming Goods Suite 安全漏洞

SICK Incoming Goods Suite is a logistics digital and service software from SICK, Germany. All incoming goods can be scanned manually to easily record goods input and increase transparency. A security vulnerability exists in SICK Incoming Goods Suite that stems from the use of a component vendor...

PT-2024-8846 · Sick Ag · Sick Ag Products

Name of the Vulnerable Software and Affected Versions: Incoming Goods Suite affected versions not specified SICK AG products affected versions not specified Description: A vulnerability in the Incoming Goods Suite and SICK AG products allows a user with unprivileged access to the underlying syste...

CVE-2024-41968

A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS...

CVE-2024-41968 WAGO: Docker Settings Manipulation in Multiple Devices

A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS...

CVE-2024-41968 WAGO: Docker Settings Manipulation in Multiple Devices

A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS...

CVE-2024-41968

CVE-2024-41968 affects WAGO devices (e.g., CC100 0751-9x01; Edge Controller 0752-8303/8000-0002; PFC100/PFC200 series; TP600 variants) where a low-privilege, remote attacker can modify the device’s docker settings, enabling a limited Denial of Service. The NVD entry assigns CVSS 3.1 v3.1 base sco...

WAGO多款产品 访问控制错误漏洞

WAGO PFC100 and others are products of WAGO, a German company.WAGO PFC100 is a programmable logic controller PLC.WAGO CC100 0751-9x01 is a compact controller.WAGO Edge Controller 0752-8303/8000-0002 is a controller. A security vulnerability exists in several WAGO products. The vulnerability stems...