| 307841 | 4.3 | MEDIUM, Adjacent | gotenna | atak_plugin | The goTenna Pro ATAK Plugin does not inject extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length of the payload regardless of the … | CWE-203: Information Exposure Through Discrepancy | CVE-2024-41715 | 2024-10-18 02:15 | 2024-09-27 |
| 307842 | 9.1 | CRITICAL, Network | gradio_project | gradio | Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communication** between the FRP (Fast Reverse Proxy) client and server when Gradio's `sh… | CWE-311: Missing Encryption of Sensitive Data | CVE-2024-47871 | 2024-10-18 02:11 | 2024-10-11 |
| 307843 | 7.5 | HIGH, Network | gradio_project | gradio | Gradio is an open-source Python package designed for quick prototyping. This is a **data validation vulnerability** affecting several Gradio components, which allows arbitrary file leaks through the … | CWE-22: Path Traversal | CVE-2024-47868 | 2024-10-18 02:04 | 2024-10-11 |
| 307844 | 4.3 | MEDIUM, Network | gradio_project | gradio | Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves data exposure due to the enable_monitoring flag not properly disabling monitoring when set to False… | CWE-670: Always-Incorrect Control Flow Implementation | CVE-2024-47168 | 2024-10-18 02:00 | 2024-10-11 |
| 307845 | 3.7 | LOW, Network | gradio_project | gradio | Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **timing attack** in the way Gradio compares hashes for the `analytics_dashboard` function. Since… | CWE-203: Information Exposure Through Discrepancy | CVE-2024-47869 | 2024-10-18 01:59 | 2024-10-11 |
| 307846 | 8.1 | HIGH, Network | gradio_project | gradio | Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **race condition** in the `update_root_in_config` function, allowing an attacker to modify the `r… | CWE-362: Race Condition | CVE-2024-47870 | 2024-10-18 01:57 | 2024-10-11 |
| 307847 | 5.4 | MEDIUM, Network | gradio_project | gradio | Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **Cross-Site Scripting (XSS)** on any Gradio server that allows file uploads. Authenticated users c… | CWE-79: Cross-site Scripting | CVE-2024-47872 | 2024-10-18 01:54 | 2024-10-11 |
| 307848 | 9.8 | CRITICAL, Network | gradio_project | gradio | Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **Server-Side Request Forgery (SSRF)** in the `/queue/join` endpoint. Gradio’s `async_save_url_to… | CWE-918: Server-Side Request Forgery (SSRF) | CVE-2024-47167 | 2024-10-18 01:53 | 2024-10-11 |
| 307849 | 5.3 | MEDIUM, Network | gradio_project | gradio | Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **one-level read path traversal** in the `/custom_component` endpoint. Attackers can exploit this… | CWE-22: Path Traversal | CVE-2024-47166 | 2024-10-18 01:48 | 2024-10-11 |
| 307850 | 9.8 | CRITICAL, Network | hdfgroup | hdf5 | HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | CWE-787: Out-of-bounds Write | CVE-2024-32608 | 2024-10-18 01:47 | 2024-10-9 |