8 matches found
Arbitrary Code Injection
Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Arbitrary Code Injection via the msdp\preprocessing script. An attacker can execute arbitrary code and escalate privileges...
PT-2023-9825
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.13.1 Description Gogs, an open-source self-hosted Git service, has an issue that allows a malicious user to write a file to an arbitrary path on the server, potentially gaining SSH access. The vulnerability resides in...
PT-2023-9258
Name of the Vulnerable Software and Affected Versions Gogs versions through 0.13.0 Description The issue is related to argument injection during the previewing of changes, which can allow a remote attacker to execute arbitrary commands. Unprivileged user accounts can write to arbitrary files on t...
GHSA-C86F-9GRV-PMQF Apache IoTDB grafana-connector contains an interface without authorization
Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of a database. Users should upgrade to version 0.13.1, which addresses this issue...
GHSA-G6VM-3CH8-C6JQ Apache IoTDB Session Fixation vulnerability
Apache IoTDB version 0.13.0 is vulnerable to session id attack. Users should upgrade to version 0.13.1 which addresses this issue...
PYSEC-2022-43069
Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue...
Information Exposure
Overview foremanfogproxmox is a Foreman plugin adds Proxmox VE compute resource using fog-proxmox. It is compatible with Foreman 1.22+. Affected versions of this package are vulnerable to Information Exposure. A password leak was identified on Foreman project which will expose Proxmox compute...
PT-2017-8498 · Apache +1 · Apache Qpid Proton +1
Name of the Vulnerable Software and Affected Versions: Apache Qpid Proton library versions prior to 0.13.1 Description: The issue concerns the C client and C-based client bindings in the Apache Qpid Proton library, which do not properly verify the server hostname against the domain name in the...