BIT-MLFLOW-2025-15379 Command Injection in mlflow/mlflow

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...

MLflow Command Injection vulnerability

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...

CVE-2025-15379

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...

CVE-2025-15379 Command Injection in mlflow/mlflow

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...

EUVD-2021-22117

Malware in sbrugna...

CVE-2021-35475

SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties...

The vulnerability of the chroot environment manager used for creating RPM packages for Mock allows for arbitrary code execution due to insufficient input validation.

The vulnerability of the chroot environment manager used for creating RPM packages for Mock is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

GHSA-GMG2-3W6V-945P Password stored in plain text by Parasoft Environment Manager Plugin

Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...

SAS Environment Manager 2.5 - 'name' Stored Cross-Site Scripting (XSS)

Exploit Title: SAS Environment Manager 2.5 - 'name' Stored Cross-Site Scripting XSS Date: 24/06/2021 Exploit Author: Luqman Hakim Zahari @ Saitamang Vendor Homepage: https://support.sas.com/en/software/environment-manager-support.html Version: 2.5 Tested on: CentOS 7 CVE : CVE-2021-35475...

SAS Environment Manager 2.5 - (name) Stored Cross-Site Scripting Vulnerability

Exploit Title: SAS Environment Manager 2.5 - 'name' Stored Cross-Site Scripting XSS Exploit Author: Luqman Hakim Zahari @ Saitamang Vendor Homepage: https://support.sas.com/en/software/environment-manager-support.html Version: 2.5 Tested on: CentOS 7 CVE : CVE-2021-35475 Description SAS®...

SAS Environment Manager 2.5 Cross Site Scripting

Exploit Title: SAS Environment Manager 2.5 - 'name' Stored Cross-Site Scripting XSS Date: 24/06/2021 Exploit Author: Luqman Hakim Zahari @ Saitamang Vendor Homepage: https://support.sas.com/en/software/environment-manager-support.html Version: 2.5 Tested on: CentOS 7 CVE : CVE-2021-35475...

CVE-2021-35475

SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties...

CVE-2021-35475

SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties...

Cross site scripting

SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties...

CVE-2021-35475

SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties...

CVE-2021-35475

CVE-2021-35475 : SAS Environment Manager 2.5 is affected by a stored XSS via the Name field when creating or editing a server. The vulnerability arises from insufficient sanitization of the Name field, allowing injected scripts to execute, with the XSS trigger visible when editing Configuration P...

SAS Environment Manager 跨站脚本漏洞

SAS Environment Manager is a web-based management solution for SAS environments from SAS, Inc. A security vulnerability exists in SAS Environment Manager that stems from SAS Environment Manager 2.5 allowing XSS to pass through the Name field when creating an edit server. An attacker could exploit...

Unspecified Vulnerability in CloudBees Jenkins Parasoft Environment Manager Plugin

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . A security vulnerability exists in the CloudBees Jenkins Parasoft Environment Manager plug-in, which can be exploited by an attacker to gain read access or access...

CVE-2020-2132

Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...

CVE-2020-2132

Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...