Lucene search
+L

5 matches found

nvd
nvd
added 2026/07/01 1:17 p.m.7 views

CVE-2026-8387

A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...

2.4CVSS0.00357EPSS
Exploits0References2
nessus
nessus
added 2026/05/27 12:0 a.m.16 views

Ubuntu 24.04 LTS : ONNX vulnerability (USN-8307-1)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8307-1 advisory. It was discovered that ONNX did not properly validate paths when extracting tar archives during model downloads. An attacker could possibly use this issue to...

8.8CVSS7.5AI score0.01168EPSS
Exploits1References2
ubuntu
ubuntu
added 2026/05/26 5:51 p.m.20 views

USN-8307-1: ONNX vulnerability

It was discovered that ONNX did not properly validate paths when extracting tar archives during model downloads. An attacker could possibly use this issue to overwrite arbitrary files on the system...

8.8CVSS6AI score0.01168EPSS
Exploits1
osv
osv
added 2026/05/26 5:51 p.m.8 views

USN-8307-1 onnx vulnerability

It was discovered that ONNX did not properly validate paths when extracting tar archives during model downloads. An attacker could possibly use this issue to overwrite arbitrary files on the system...

8.8CVSS7.4AI score0.01168EPSS
Exploits1References2
snyk
snyk
added 2025/12/02 6:35 a.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to missing canonicalization of destination file paths during model downloads. The createNewFile function in pkg/agent/storage/https.go previously used the fileFullName argument directly without cleaning, allowing...

6.9CVSS7.5AI score
Exploits0References3
Rows per page
Query Builder