2 matches found
CVE-2024-37902 Path thraversal in DeepJavaLibrary
DeepJavaLibraryDJL is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model...
PT-2022-24534 · Asus · Armoury Crate Service
Name of the Vulnerable Software and Affected Versions: Armoury Crate Service affected versions not specified Description: The issue concerns Armoury Crate Service's logging function, which lacks sufficient validation to check if the log file is a symbolic link. This allows a physical attacker wit...