5 matches found
CVE-2025-68430 CVAT vulnerable to directory traversal via mounted share listing
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of...
CVE-2025-64485
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.4.0 through 2.48.1, a malicious CVAT user with at least the User global role may create files in the root of the mounted file share, or overwrite existing files. If no file share is mounted, the...
CVE-2025-64485
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.4.0 through 2.48.1, a malicious CVAT user with at least the User global role may create files in the root of the mounted file share, or overwrite existing files. If no file share is mounted, the...
PT-2025-45521
Name of the Vulnerable Software and Affected Versions CVAT versions 2.4.0 through 2.48.1 Description CVAT is an interactive video and image annotation tool for computer vision. A user with the User global role can potentially create or overwrite files in the root of a mounted file share. If a fil...
PT-2006-2847 · Linux · Linux
Name of the Vulnerable Software and Affected Versions: Linux versions prior to 2.6.17 Description: A directory traversal issue in the CIFS implementation allows local users to bypass chroot restrictions on an SMB-mounted filesystem by utilizing ".." sequences. Recommendations: For Linux versions...