Lucene search
K

12 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2006-1327

Malware in sbrugna...

5.1CVSS6.4AI score0.02408EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-5555

Malware in sbrugna...

8.8CVSS8.8AI score0.0149EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-2112

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.01307EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/22 6:19 a.m.10 views

CVE-2015-5601

edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files...

8.8CVSS7.5AI score0.0149EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/22 11:58 a.m.5 views

CVE-2024-10986

GPT Academic version 3.83 is vulnerable to a Local File Read LFI vulnerability through its HotReload function. This function can download and extract tar.gz files from arxiv.org. Despite implementing protections against path traversal, the application overlooks the Tarslip triggered by symlinks...

8.8CVSS6.7AI score0.00751EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.4 views

CVE-2024-12216 Arbitrary File Write via TarSlip in dmlc/gluon-cv

A vulnerability in the ImageClassificationDataset.fromcsv API of the dmlc/gluon-cv repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts tar.gz files from URLs without proper sanitization, making it susceptible to a TarSlip vulnerability. Attackers can...

7.1CVSS7AI score0.00293EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/27 6:46 p.m.22 views

CVE-2024-5980 Arbitrary File Write via /v1/runs API endpoint in lightning-ai/pytorch-lightning

A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the pluginserver, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path...

9.1CVSS0.01307EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/06/27 12:0 a.m.4 views

PT-2024-37290

Name of the Vulnerable Software and Affected Versions: pytorch-lightning version 2.2.4 Description: A path traversal issue exists in the "/v1/runs" API endpoint, allowing attackers to exploit this vulnerability when extracting tar.gz files. This can be used to deploy malicious tar.gz plugins that...

9.8CVSS7.6AI score0.01307EPSS
Exploits1References12
NVD
NVD
added 2019/07/29 4:15 p.m.16 views

CVE-2015-5601

edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files...

8.8CVSS8.8AI score0.0149EPSS
Exploits0References1
Prion
Prion
added 2019/07/29 4:15 p.m.11 views

Code injection

edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files...

6.5CVSS7.7AI score0.0149EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/07/29 3:41 p.m.17 views

CVE-2015-5601

edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files...

8.9AI score0.0149EPSS
Exploits0References1
CVE
CVE
added 2019/07/29 3:41 p.m.43 views

CVE-2015-5601

CVE-2015-5601 affects edx-platform prior to 2015-07-20. A vulnerable endpoint (course import) mishandles .tar.gz files, allowing code execution by privileged users. Documents provide CVSS details (2.0/6.5; 3.0/8.8) indicating impact on confidentiality, integrity, and availability (all high/partia...

8.8CVSS8.7AI score0.0149EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder