2131 matches found
ZenML Security Vulnerability
ZenML is an extensible open source MLOps framework for creating portable, production-ready machine learning pipelines. A directory traversal vulnerability exists in ZenML version 0.55.4, which stems from a lack of validity checking of a program's paths when processing directory requests, and can ...
CVE-2024-3054
WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstggetcustomexcludepathfree action. This is due to the plugin not providing sufficient path validation on the...
CVE-2024-3054 WPvivid Backup & Migration Plugin <= 0.9.99 - Authenticated (Admin+) PHAR Deserialization
WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstggetcustomexcludepathfree action. This is due to the plugin not providing sufficient path validation on the...
WordPress Plugin WPvivid Backup & Migration Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
LoLLMs Path Traversal Vulnerability
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A path traversal vulnerability exists in LoLLMs lollms-webui that stems from insufficient validation of user-supplied file paths...
WP Poll Maker < 3.4 - Authenticated (Subscriber+) Arbitrary File Deletion
Description: The WP Poll Maker – Best WordPress Poll Plugin for Voting Contest plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the itepollthemeactionuninstall function and insufficient file path validation in all versions up to, and including, 3.1...
CVE-2024-27901
SAP Asset Accounting could allow a high-privileged attacker to exploit insufficient validation of path information provided by users and pass it through to the file APIs, thus causing a considerable impact on confidentiality, integrity and availability of the application...
CVE-2024-27901
CVE-2024-27901 (SAP Asset Accounting): The vulnerability arises from insufficient validation of user-supplied path information that is passed to the File API, enabling a directory-traversal condition. Impact is described as affecting confidentiality, integrity, and availability of the applicatio...
PT-2024-2957 · Sap · Sap Asset Accounting
Name of the Vulnerable Software and Affected Versions: SAP Asset Accounting (affected versions not specified). Description: The issue is related to insufficient validation of path information provided by users, which can be exploited by a high-privileged attacker to impact the confidentiality,...
CVE-2024-30270
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the rspamdmaps...
CVE-2024-3116 Remote Code Execution Vulnerability through the validate binary path API in pgAdmin 4
pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the...
aiohttp: follow_symlinks directory traversal vulnerability
A flaw was found in aiohttp. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When...
Authentication Bypass
OpenMetadata is vulnerable to Authentication Bypass. The vulnerability is caused due to improper path validation in the JwtFilter, allowing attackers to bypass authentication mechanisms by exploiting the presence of path parameters in requests...
Mageia: Security Advisory (MGASA-2024-0056)
The remote host is missing an update for the...
Updated java-17-openjdk packages fix security vulnerabilities
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: memory corruption issue on x86_64 with AVX-512 (8317121, CVE-2023-22025); OpenJDK: certificate path validation issue during client authentication...
CVE-2024-28222
In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file...
Veritas NetBackup Security Vulnerability
Veritas NetBackup is a powerful enterprise-class data backup management software from Veritas Technologies. A security vulnerability exists in Veritas NetBackup versions prior to 8.1.2, and NetBackup versions prior to 3.1.2, which originates from a failure of the BPCD process...
PT-2024-2014 · Veritas · Veritas Netbackup Appliance +1
Name of the Vulnerable Software and Affected Versions: Veritas NetBackup versions prior to 8.1.2; Veritas NetBackup Appliance versions prior to 3.1.2. Description: The issue is related to inadequate validation of the file path by the BPCD process, allowing an unauthenticated attacker to upload and...