Security Vulnerabilities - CVEs Published In October 2024
In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote code execution.
CVSS Score
6.5
EPSS Score
0.023
Published
2024-10-09
An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint `http://0.0.0.0:3000/api/v1/memories/{id}/update`, where the decentralization design is flawed, allowing attackers to edit other users' memories without proper authorization.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-10-09
An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
In some cases, rpd fails to restart requiring a manual restart via the 'restart routing' CLI command.
This issue only affects systems with BGP traceoptions enabled and
requires a BGP session to be already established. Systems without BGP traceoptions enabled are not affected by this issue.
This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.
This issue affects:
Junos OS:
* All versions before 21.4R3-S8,
* 22.2 before 22.2R3-S5,
* 22.3 before 22.3R3-S4,
* 22.4 before 22.4R3-S3,
* 23.2 before 23.2R2-S2,
* 23.4 before 23.4R2;
Junos OS Evolved:
* All versions before 21.4R3-S8-EVO,
* 22.2-EVO before 22.2R3-S5-EVO,
* 22.3-EVO before 22.3R3-S4-EVO,
* 22.4-EVO before 22.4R3-S3-EVO,
* 23.2-EVO before 23.2R2-S2-EVO,
* 23.4-EVO before 23.4R2-EVO.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-10-09
An Out-of-Bounds Read vulnerability in
the routing protocol daemon (rpd) of
Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
This issue only affects systems configured in
either of two ways:
* systems with BGP traceoptions enabled
* systems with BGP traffic engineering
configured
This issue can affect iBGP and eBGP with
any address family
configured. The specific attribute involved is non-transitive, and will not propagate across a network.
This issue affects:
Junos OS:
* All versions before 21.4R3-S8,
* 22.2 before 22.2R3-S5,
* 22.3 before 22.3R3-S4,
* 22.4 before 22.4R3-S3,
* 23.2 before 23.2R2-S2,
* 23.4 before 23.4R2;
Junos OS Evolved:
* All versions before 21.4R3-S8-EVO,
* 22.2-EVO before 22.2R3-S5-EVO,
* 22.3-EVO before 22.3R3-S4-EVO,
* 22.4-EVO before 22.4R3-S3-EVO,
* 23.2-EVO before 23.2R2-S2-EVO,
* 23.4-EVO before 23.4R2-EVO.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-10-09
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specific BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
This issue only affects systems with BGP traceoptions enabled and
requires a BGP session to be already established. Systems without BGP traceoptions enabled are not affected by this issue.
This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.
This issue affects:
Junos OS:
* All versions before 21.2R3-S8,
* from 21.4 before 21.4R3-S8,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S4,
* from 22.4 before 22.4R3-S3,
* from 23.2 before 23.2R2-S1,
* from 23.4 before 23.4R2;
Junos OS Evolved:
* All versions before 21.2R3-S8-EVO,
* from 21.4-EVO before 21.4R3-S8-EVO,
* from 22.2-EVO before 22.2R3-S4-EVO,
* from 22.3-EVO before 22.3R3-S4-EVO,
* from 22.4-EVO before 22.4R3-S3-EVO,
* from 23.2-EVO before 23.2R2-S1-EVO,
* from 23.4-EVO before 23.4R2-EVO.
CVSS Score
7.5
EPSS Score
0.004
Published
2024-10-09
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data.
CVSS Score
3.5
EPSS Score
0.004
Published
2024-10-09
ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. This vulnerability can be exploited by creating a malicious script with an arbitrary playlist ID belonging to another user. When the user submits the request, their playlist will be deleted. Any User with active sessions who are tricked into submitting a malicious request are impacted, as their playlists or other objects could be deleted without their consent.
CVSS Score
5.3
EPSS Score
0.008
Published
2024-10-09
ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers. Users of https://ssoready.com, the public hosted instance of SSOReady, are unaffected. We advise folks who self-host SSOReady to upgrade to 7f92a06 or later. Do so by updating your SSOReady Docker images from sha-... to sha-7f92a06. There are no known workarounds for this vulnerability.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-10-09
Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-10-09
An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existence and configuration of the file. This behavior allows an attacker to enumerate file names and traverse directories by observing the error messages, leading to potential exposure of sensitive information.
CVSS Score
2.7
EPSS Score
0.002
Published
2024-10-09