Most recent entries from pysec
Feed: https://cve.circl.lu/rss/recent/pysec/10
Updated: 2024-12-11T22:45:16.465802+00:00
Source: Vulnerability Lookup (info@circl.lu), generated with python-feedgen. Contains only the 10 most recent entries.

pysec-2015-42 (2024-12-11T22:45:16.478327+00:00)
https://cve.circl.lu/vuln/pysec-2015-42
providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider (SP).

pysec-2022-43162 (2024-12-11T22:45:16.478307+00:00)
https://cve.circl.lu/vuln/pysec-2022-43162
Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID.

pysec-2020-343 (2024-12-11T22:45:16.478289+00:00)
https://cve.circl.lu/vuln/pysec-2020-343
blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.

pysec-2024-154 (2024-12-11T22:45:16.478269+00:00)
https://cve.circl.lu/vuln/pysec-2024-154
Ultralytics has identified a supply chain attack affecting multiple versions of the ultralytics package. The compromised versions contained unauthorized code that downloaded and executed cryptocurrency mining software when instantiating YOLO models. This code was injected into the PyPI release artifacts and was not present in the public GitHub repository.

pysec-2024-111 (2024-12-11T22:45:16.478248+00:00)
https://cve.circl.lu/vuln/pysec-2024-111
A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input.

pysec-2023-278 (2024-12-11T22:45:16.478229+00:00)
https://cve.circl.lu/vuln/pysec-2023-278
MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in `file.py`. Users should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the issue.

pysec-2024-82 (2024-12-11T22:45:16.478210+00:00)
https://cve.circl.lu/vuln/pysec-2024-82
Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with.

pysec-2024-83 (2024-12-11T22:45:16.478190+00:00)
https://cve.circl.lu/vuln/pysec-2024-83
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for a prediction.

pysec-2024-84 (2024-12-11T22:45:16.478161+00:00)
https://cve.circl.lu/vuln/pysec-2024-84
Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it.

pysec-2024-85 (2024-12-11T22:45:16.478089+00:00)
https://cve.circl.lu/vuln/pysec-2024-85
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it.