249 matches found
CVE-2024-5629 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server...
Advisory ROSA-SA-2024-2400
Software: haproxy 2.6.15; OS: ROSA-CHROME; Package EVR string: haproxy-2.6.15-1.src.rpm; CVE-ID: CVE-2023-0836; BDU-ID: 2023-04833; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the HAProxy server software is related to incomplete cleanup of temporary or auxiliary resources. Exploitation of the...
CVE-2024-21102 vulnerabilities
Vulnerabilities for packages: mysql...
llama-index-core Command Injection vulnerability
A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which only checks for the presence of underscores in the LLM-generated code, to execute arbitrary code. This is achieved by...
PT-2024-3122 · Microsoft · OLE DB Driver for SQL Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft OLE DB Driver for SQL Server (affected versions not specified). Description: The issue exists due to insufficient input validation in the Microsoft OLE DB Driver for SQL Server. This allows a remote attacker to execute arbitrary code...
PT-2024-3169 · Microsoft · ODBC Driver for SQL Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft ODBC Driver for SQL Server (affected versions not specified). Description: The vulnerability in the Microsoft ODBC Driver for SQL Server is related to an integer overflow. It allows a remote attacker to execute arbitrary code...
PT-2024-3129 · Microsoft · OLE DB Driver for SQL Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft OLE DB Driver for SQL Server (affected versions not specified). Description: The issue is related to insufficient input validation in the Microsoft OLE DB Driver for SQL Server, which can be exploited by a remote attacker to execute...
BIT-GITLAB-2020-13356
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9; >=13.4, <13.4.5; >=13.5, <13.5.2...
CVE-2023-27513
Uncontrolled search path element in some Intel(R) Server Information Retrieval Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access...
GHSA-V4J2-CWMM-XG89 OpenCart Path Traversal vulnerability
Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server...
DLA-3547-1 tryton-server - security update
Bulletin has no description...
GHSA-PV7Q-V9MV-9MH5 1Panel O&M management panel has an arbitrary file read vulnerability in the management backend
Summary: Arbitrary file reads allow an attacker to read sensitive configuration files on the server. Details: In the api/v1/file.go file, there is a function called LoadFromFile, which reads a file directly from the path taken from the request parameter path. The request parameters are not...
Cross site scripting
copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting via URL-parameter ?k304=... and ?setck=.... The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of t...
CVE-2023-38501
Copyparty (portable file server) is affected by CVE-2023-38501 via a reflected XSS in the web interface, exploitable through URL parameters ?k304=... and ?setck=... in versions prior to 1.8.7. The vulnerability allows an attacker to execute arbitrary JavaScript by enticing a user to click a craft...
GO-2023-1713 Path traversal in github.com/sjqzhang/go-fastdfs
An attacker can craft a remote request to upload a file to "/group1/upload" that uses path traversal to instead write the file contents to an attacker controlled path on the server...
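Both the 1Panel entry (a read handler that opens whatever the path parameter names) and the go-fastdfs entry (an upload that writes to an attacker-chosen path) are the same defect: a client-controlled path is joined to a server directory without checking that the result stays inside it. The following is an added illustration, written for this listing and not taken from either project, of the confinement check such handlers need. The names SafeJoin, LoadFromFile, SaveUpload and the directory layout are assumptions for the example; it uses only the Go standard library.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when a requested path escapes the base directory.
var ErrOutsideBase = errors.New("requested path escapes the base directory")

// insideBase reports whether target lies at or below base, both already cleaned.
func insideBase(base, target string) bool {
	rel, err := filepath.Rel(base, target)
	if err != nil {
		return false
	}
	return rel == "." || (rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)))
}

// SafeJoin resolves userPath (an untrusted request value) against baseDir and
// returns the result only if it stays inside baseDir. This is a generic
// helper written for the example, not code from 1Panel or go-fastdfs.
func SafeJoin(baseDir, userPath string) (string, error) {
	absBase, err := filepath.Abs(baseDir)
	if err != nil {
		return "", err
	}
	// Join cleans the result, so "sub/../../x" is normalised before the check
	// and a leading "/" in userPath is treated as relative to baseDir.
	target := filepath.Join(absBase, userPath)
	if !insideBase(absBase, target) {
		return "", ErrOutsideBase
	}
	// A lexical check is not enough when a symlink inside the tree points out
	// of it: if the target already exists, re-check its physical location too.
	resolved, err := filepath.EvalSymlinks(target)
	if err == nil {
		realBase, berr := filepath.EvalSymlinks(absBase)
		if berr != nil {
			return "", berr
		}
		if !insideBase(realBase, resolved) {
			return "", ErrOutsideBase
		}
	} else if !errors.Is(err, os.ErrNotExist) {
		return "", err
	}
	return target, nil
}

// LoadFromFile has the shape of a "read the file named by the path parameter"
// handler, but confined to baseDir.
func LoadFromFile(baseDir, reqPath string) ([]byte, error) {
	p, err := SafeJoin(baseDir, reqPath)
	if err != nil {
		return nil, err
	}
	return os.ReadFile(p)
}

// SaveUpload stores uploaded bytes under baseDir using only the base name of
// the client-supplied file name, so directory components are discarded
// outright, and refuses to overwrite an existing file.
func SaveUpload(baseDir, clientName string, data []byte) (string, error) {
	name := filepath.Base(clientName)
	if name == "" || name == "." || name == ".." || name == string(filepath.Separator) {
		return "", fmt.Errorf("invalid upload name %q", clientName)
	}
	p, err := SafeJoin(baseDir, name)
	if err != nil {
		return "", err
	}
	f, err := os.OpenFile(p, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		return "", err
	}
	defer f.Close()
	if _, err := f.Write(data); err != nil {
		return "", err
	}
	return p, nil
}

func main() {
	// Constructed sample layout: one config file inside a temporary base dir.
	base, _ := os.MkdirTemp("", "confine")
	defer os.RemoveAll(base)
	_ = os.WriteFile(filepath.Join(base, "app.conf"), []byte("secret=1\n"), 0o600)
	for _, req := range []string{"app.conf", "sub/../app.conf", "../../etc/passwd", "/etc/passwd"} {
		_, err := LoadFromFile(base, req)
		fmt.Printf("read %-18s -> err=%v\n", req, err)
	}
	p, err := SaveUpload(base, "../../tmp/evil.sh", []byte("#!/bin/sh\n"))
	fmt.Printf("upload landed at %s err=%v\n", p, err)
}
```

The lexical check alone stops "../" sequences; the EvalSymlinks pass is what catches an existing symlink under the base directory that points elsewhere, which a string-prefix comparison on the cleaned path would accept.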
GHSA-H4C9-RR5M-32FM RuoYi vulnerable to arbitrary file download
An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files from the server...
WiFi Mouse 1.8.3.2 Remote Code Execution
Exploit Title: WiFi Mouse 1.8.3.2 - Remote Code Execution (RCE); Date: 13-10-2022; Author: Payal; Vendor Homepage: http://necta.us/; Software Link: http://wifimouse.necta.us/download; Version: 1.8.3.2; Tested on: Windows 10 Pro Build 21H2. The desktop server software used by the mobile app has a PIN option which do...
PT-2023-13472 · Intel · FCS Server
Name of the Vulnerable Software and Affected Versions: FCS Server software maintained by Intel, versions prior to 1.1.79.3. Description: The issue is related to an uncaught exception in the FCS Server software, which may allow a privileged user to potentially enable denial of service via physical...