12 matches found
Arbitrary File Overwrite
ai.h2o, h2o-core is vulnerable to Arbitrary File Overwrite. The vulnerability is due to a lack of export location restrictions in the model export endpoint, allowing an attacker to overwrite arbitrary files on the server...
Improper Input Validation
mudler/LocalAI is vulnerable to Improper Input Validation. The vulnerability is due to improper handling of automatic archive extraction, allowing a 'tarslip' attack to bypass file location restrictions and write files to arbitrary locations on the server...
CVE-2023-20267
A vulnerability in the IP geolocation rules of Snort 3 could allow an unauthenticated, remote attacker to potentially bypass IP address restrictions. This vulnerability exists because the configuration for IP geolocation rules is not parsed properly. An attacker could exploit this vulnerability b...
PT-2023-17424 · Snort · Snort
Name of the Vulnerable Software and Affected Versions: Snort 3 affected versions not specified Description: A vulnerability in the IP geolocation rules could allow an unauthenticated, remote attacker to potentially bypass IP address restrictions. This issue exists because the configuration for IP...
CVE-2022-1935
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when I...
Privilege Escalation
Red Hat Satellite is vulnerable to privilege escalation vulnerability. This is because the Satellite 6 does not properly enforce access controls on certain resources. Remote authenticated users with unlimited filters could bypass organization and location restrictions and read or modify data for ...
PT-2019-3931 · Apache +3 · Apache Http Server +3
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.37 through 2.4.38 Description: The issue is related to a flaw in the mod ssl component of the Apache HTTP Server, specifically concerning inadequate access control. This flaw can be exploited by a remote attack...
Authorization Bypass
foreman is vulnerable to authorization bypass. An unspecified vulnerability allows authenticated users to bypass organization and location restrictions to read, edit or delete organizations or locations...
CVE-2016-4475
The 1 Organization and 2 Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and a read, b edit, or c delete arbitrary organizations or locations via unspecified vectors...
PT-2016-5961 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.11.3 Foreman versions 1.12.x prior to 1.12.0-RC1 Description: The issue allows remote authenticated users with unlimited filters to bypass organization and location restrictions. This can be achieved by leveraging...
Foreman Security Mechanism Bypass Vulnerability
Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. A security vulnerability exists in Foreman versions prior to 1.7.5. A remote attacker could exploit this...
CVE-2015-1844
Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API...