Azraelxuemo

**Name of the Vulnerable Software and Affected Versions** PyTorch versions prior to 2.10.0 **Description** PyTorch, a Python package for tensor computation, has an issue in its `weights only` unpickler. An attacker can create a malicious checkpoint file (`.pth`) that, when loaded using `torch.load(..., weights only=True)`, can cause memory corruption and potentially lead to arbitrary code execution. The vulnerability stems from improper validation of pickle opcodes and storage metadata within the `weights only=True` unpickler, specifically related to heap memory corruption via `SETITEM`/`SETITEMS` opcodes applied to non-dictionary types and storage size mismatches. The vulnerability is fully weaponized and can lead to remote code execution on any service that supports uploading and running a PyTorch model, even with security hardening. **Recommendations** Versions prior to 2.10.0 should be updated to version 2.10.0 or later.

**Name of the Vulnerable Software and Affected Versions** PyTorch versions prior to 2.6.0 PyTorch ≤2.5.1 **Description** PyTorch is vulnerable to a Remote Command Execution (RCE) vulnerability. This flaw exists in versions 2.5.1 and prior, specifically when loading a model using the `torch.load()` function with the `weights only=True` parameter. Despite being previously considered a safe practice, loading models with this configuration can now lead to arbitrary code execution. The vulnerability allows attackers to craft malicious model files that can execute code on the victim system. The `torch.load()` function, when used with `weights only=True`, is susceptible to exploitation due to insecure deserialization. This vulnerability has a CVSS score of 9.3 and is considered critical. **Recommendations** Upgrade to PyTorch version 2.6.0 or later to address this vulnerability. As an interim measure, avoid using `torch.load()` with external files and implement additional verification of model content.

**Name of the Vulnerable Software and Affected Versions** Jeecg-boot version 3.4.3 **Description** A SQL injection issue was discovered in Jeecg-boot via the component `updateNullByEmptyString`. This allows for potential exploitation. **Recommendations** For Jeecg-boot version 3.4.3, consider restricting access to the `updateNullByEmptyString` component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jeecg-boot version 3.4.3 **Description** A SQL injection issue was found in Jeecg-boot via the component /sys/dict/queryTableData. This allows for potential SQL injection attacks. **Recommendations** For Jeecg-boot version 3.4.3, as a temporary workaround, consider restricting access to the /sys/dict/queryTableData component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jeecg-boot version 3.4.3 **Description** A SQL injection issue was found in the component /sys/user/putRecycleBin. This allows for potential SQL injection attacks. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Jeecg-boot version 3.4.3, consider restricting access to the /sys/user/putRecycleBin component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jeecg-boot version 3.4.3 **Description** A SQL injection issue was found in the /sys/user/deleteRecycleBin component. This could potentially allow an attacker to inject malicious SQL code. **Recommendations** For Jeecg-boot version 3.4.3, consider restricting access to the /sys/user/deleteRecycleBin component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ESPCMS version P8.21120101 **Description** A remote code execution issue was found in the INPUT ISDESCRIPTION component. **Recommendations** For ESPCMS version P8.21120101, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ESPCMS version P8.21120101 **Description** A remote code execution (RCE) issue was found in the UPFILE PIC ZOOM HIGHT component. **Recommendations** For ESPCMS version P8.21120101, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ESPCMS version P8.21120101 **Description** A remote code execution issue was found in the IS GETCACHE component of the software, allowing for potential code execution from a remote location. **Recommendations** For ESPCMS version P8.21120101, consider disabling the IS GETCACHE component as a temporary workaround until a patch is available.