
20 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-6962

Malware in sbrugna...

CVSS: 7.5, AI score: 6.4, EPSS: 0.00396
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-2287

Malicious code in bioql PyPI...

CVSS: 7.8, AI score: 7.5, EPSS: 0.00416
Exploits: 1, References: 6

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-1891

Malicious code in bioql PyPI...

CVSS: 7.5, AI score: 7.4, EPSS: 0.00624
Exploits: 1, References: 5

Tenable Nessus
added 2025/08/19 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-47950

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the...

CVSS: 6.5, AI score: 6.7, EPSS: 0.00249
Exploits: 1, References: 2

Veracode
added 2025/08/17 4:15 p.m., 4 views

Remote Code Execution (RCE)

ms-swift is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization because yaml.load from PyYAML is used in tests/run.py, allowing attackers to execute arbitrary code via a crafted YAML configuration file...

CVSS: 9.8, AI score: 9.6, EPSS: 0.07087
Exploits: 1, References: 8, Affected Software: 1

RedhatCVE
added 2025/08/03 2:14 p.m., 6 views

CVE-2025-50460

A remote code execution (RCE) vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load from the PyYAML library versions = 5.3.1. If an attacker can control the content of the YAML configuration file passed to the --runconfig parameter,...

CVSS: 9.8, AI score: 7.7, EPSS: 0.07087
Exploits: 1, References: 1

NVD
added 2025/08/01 4:15 p.m., 9 views

CVE-2025-50460

A remote code execution (RCE) vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load from the PyYAML library versions = 5.3.1. If an attacker can control the content of the YAML configuration file passed to the --runconfig parameter,...

CVSS: 9.8, EPSS: 0.07087
Exploits: 1, References: 4

OSV
added 2025/07/31 2:5 p.m., 1 view

GHSA-R54C-2XMF-2CF3 MS SWIFT Deserialization RCE Vulnerability

This appears to be a security vulnerability report describing a remote code execution (RCE) exploit in the ms-swift framework through malicious pickle deserialization in adapter model files. The vulnerability allows arbitrary command execution when loading specially crafted adapter models from...

CVSS: 7.5, AI score: 8
Exploits: 0, References: 3

Github Security Blog
added 2025/07/31 2:5 p.m., 7 views

MS SWIFT Deserialization RCE Vulnerability

This appears to be a security vulnerability report describing a remote code execution (RCE) exploit in the ms-swift framework through malicious pickle deserialization in adapter model files. The vulnerability allows arbitrary command execution when loading specially crafted adapter models from...

AI score: 8
Exploits: 0, References: 3, Affected Software: 1

vulnersOsv
added 2025/07/31 2:5 p.m., 0 views

modelscope (>=1.9.0 <=1.9.1), scepter (>=0.0.1 <=1.4.1) potentially affected by unknown CVE via ms-swift (>=1.3.0 <=3.10.3)

ms-swift PYPI version =1.3.0, =1.9.0, =0.0.1, =1.4.1 Source cves: unknown CVE Source advisory: OSV:GHSA-R54C-2XMF-2CF3...

AI score: 5.8
Exploits: 0

vulnersOsv
added 2025/07/31 2:4 p.m., 2 views

scepter (>=1.1.0 <=1.4.1) potentially affected by CVE-2025-41419 via ms-swift (=3.10.3)

ms-swift PYPI version =3.10.3 is affected by a known vulnerability. The following packages have a transitive dependency on ms-swift and may be impacted: - scepter =1.1.0, =1.4.1 Source cves: CVE-2025-41419 Source advisory: SNYK:PYTHON-MSSWIFT-11502591...

AI score: 5.8
Exploits: 0

RedhatCVE
added 2025/05/23 3:30 a.m., 2 views

CVE-2023-39135

An issue in Zip Swift v2.1.2 allows attackers to execute a path traversal attack via a crafted zip entry...

CVSS: 7.8, AI score: 6.9, EPSS: 0.00416
Exploits: 1

RedhatCVE
added 2025/02/05 9:50 p.m., 5 views

CVE-2022-24777

grpc-swift is the Swift language implementation of gRPC, a remote procedure call (RPC) framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: ...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00334
Exploits: 0, References: 1

GitLab Advisory Database
added 2023/08/31 12:0 a.m., 10 views

Path traversal in Zip Swift

An issue in Zip Swift v2.1.2 allows attackers to execute a path traversal attack via a crafted zip entry...

CVSS: 7.8, AI score: 6.8, EPSS: 0.00416
Exploits: 1, References: 7, Affected Software: 1

Veracode
added 2019/01/15 9:7 a.m., 24 views

Authorization Bypass

openstack-swift is vulnerable to authorization bypass attacks. The vulnerability exists as OpenStack Object Storage (Swift) before 2.3.0, when allowversion is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the...

CVSS: 5.5, AI score: 6.1, EPSS: 0.00858
Exploits: 0, References: 13, Affected Software: 24

CNVD
added 2015/10/29 12:0 a.m., 1 view

Apple Xcode Swift Information Disclosure Vulnerability

Xcode is the development tool used on Apple machines. Versions of Apple Xcode prior to 7.1 have mishandled type conversions in the Swift implementation, allowing attackers to obtain sensitive information...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00396
Exploits: 0, References: 1

RedHat Linux
added 2015/08/24 10:38 p.m., 1 view

Swift: unauthorized deletion of versioned Swift object

A flaw was found in OpenStack Object Storage that could allow an authenticated user to delete the most recent version of a versioned object regardless of ownership. To exploit this flaw, an attacker must know the name of the object and have listing access to the x-versions-location container...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00858
Exploits: 0, References: 4

OSV
added 2015/04/17 5:59 p.m., 1 view

DEBIAN-CVE-2015-1856

OpenStack Object Storage (Swift) before 2.3.0, when allowversion is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container...

CVSS: 5.5, AI score: 6.2, EPSS: 0.00858
Exploits: 0, References: 1

OSV
added 2014/07/03 5:55 p.m., 6 views

CVE-2014-3497

Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...

AI score: 5.4
Exploits: 0, References: 7

OSV
added 2014/06/25 9:54 p.m., 1 view

USN-2256-1 swift vulnerability

John Dickinson discovered that Swift did not properly quote the WWW-Authenticate header value. If a user were tricked into navigating to a malicious Swift URL, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing...

CVSS: 4.3, AI score: 5.7, EPSS: 0.00445
Exploits: 0, References: 2