Lucene search

K

HPE Superdome Flex Servers; HPE Superdome Flex 280 Servers Security Vulnerabilities

osv
osv

Server-Side Request Forgery in gradio

A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio and was discovered in version 4.21.0, specifically within the /queue/join endpoint and the save_url_to_cache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL,...

8.6CVSS

6.6AI Score

0.0004EPSS

2024-06-06 06:30 PM
2
github
github

Server-Side Request Forgery in gradio

A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio and was discovered in version 4.21.0, specifically within the /queue/join endpoint and the save_url_to_cache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL,...

8.6CVSS

8.3AI Score

0.0004EPSS

2024-06-06 06:30 PM
vulnrichment
vulnrichment

CVE-2024-3095 SSRF in Langchain Web Research Retriever in langchain-ai/langchain

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....

4.8CVSS

7.5AI Score

0.0004EPSS

2024-06-06 06:28 PM
cvelist
cvelist

CVE-2024-3095 SSRF in Langchain Web Research Retriever in langchain-ai/langchain

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....

4.8CVSS

0.0004EPSS

2024-06-06 06:28 PM
1
vulnrichment
vulnrichment

CVE-2024-5186 Server Side Request Forgery (SSRF) in imartinez/privategpt

A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information....

8.3CVSS

6.7AI Score

0.0004EPSS

2024-06-06 06:19 PM
cvelist
cvelist

CVE-2024-5186 Server Side Request Forgery (SSRF) in imartinez/privategpt

A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information....

8.3CVSS

0.0004EPSS

2024-06-06 06:19 PM
1
nvd
nvd

CVE-2024-4325

A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the save_url_to_cache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP....

8.6CVSS

0.0004EPSS

2024-06-06 06:15 PM
cve
cve

CVE-2024-4325

A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the save_url_to_cache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP....

8.6CVSS

8.2AI Score

0.0004EPSS

2024-06-06 06:15 PM
23
talosblog
talosblog

The sliding doors of misinformation that come with AI-generated search results

As someone who used to think that his entire livelihood would come from writing, I've long wondered if any sort of computer or AI could replace my essential functions at work. For now, it seems there are enough holes in AI-generated language that my ability to write down a complete, accurate and...

7.2AI Score

2024-06-06 06:00 PM
9
vulnrichment
vulnrichment

CVE-2024-4325 Server-Side Request Forgery (SSRF) in gradio-app/gradio

A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the save_url_to_cache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP....

8.6CVSS

6.7AI Score

0.0004EPSS

2024-06-06 05:55 PM
cvelist
cvelist

CVE-2024-4325 Server-Side Request Forgery (SSRF) in gradio-app/gradio

A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the save_url_to_cache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP....

8.6CVSS

0.0004EPSS

2024-06-06 05:55 PM
metasploit
metasploit

Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution

The Rejetto HTTP File Server (HFS) version 2.x is vulnerable to an unauthenticated server side template injection (SSTI) vulnerability. A remote unauthenticated attacker can execute code with the privileges of the user account running the HFS.exe server process. This exploit has been tested to...

8.2AI Score

2024-06-06 05:04 PM
13
ibm
ibm

Security Bulletin: Multiple security vulnerabilities Affect IBM WebSphere Application Server Liberty shipped with IBM OpenPages

Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in multiple security bulletins. These products have addressed the applicable...

6.9AI Score

2024-06-06 04:18 PM
1
thn
thn

Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks

Muhstik botnet exploits a critical Apache RocketMQ flaw (CVE-2023-33246) for remote code execution, targeting Linux servers and IoT devices for DDoS attacks and cryptocurrency mining. Infection involves executing a shell script from a remote IP, downloading the Muhstik malware binary ("pty3"), and....

9.8CVSS

8.3AI Score

0.972EPSS

2024-06-06 01:14 PM
1
thn
thn

Google Maps Timeline Data to be Stored Locally on Your Device for Privacy

Google has announced plans to store Maps Timeline data locally on users' devices instead of their Google account effective December 1, 2024. The changes were originally announced by the tech giant in December 2023, alongside updates to the auto-delete control when enabling Location History by...

7.2AI Score

2024-06-06 07:15 AM
2
packetstorm

7.4AI Score

2024-06-06 12:00 AM
75
osv
osv

Moderate: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fix(es): cockpit: command injection when deleting a sosreport with a...

7.3CVSS

7.4AI Score

0.0004EPSS

2024-06-06 12:00 AM
trendmicroblog
trendmicroblog

Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers

We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando...

7.4AI Score

2024-06-06 12:00 AM
6
almalinux
almalinux

Moderate: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fix(es): cockpit: command injection when deleting a sosreport with a...

7.3CVSS

7.5AI Score

0.0004EPSS

2024-06-06 12:00 AM
nessus
nessus

RHEL 8 : cockpit (RHSA-2024:3667)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3667 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...

7.3CVSS

7.5AI Score

0.0004EPSS

2024-06-06 12:00 AM
osv
osv

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

8.2CVSS

8.3AI Score

0.0004EPSS

2024-06-05 04:56 PM
3
github
github

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

8.2CVSS

8.3AI Score

0.0004EPSS

2024-06-05 04:56 PM
10
osv
osv

wolfictl leaks GitHub tokens to remote non-GitHub git servers in github.com/wolfi-dev/wolfictl

wolfictl leaks GitHub tokens to remote non-GitHub git servers in...

4.4CVSS

6.4AI Score

0.0004EPSS

2024-06-04 03:19 PM
3
thn
thn

Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts

Progress Software has rolled out updates to address a critical security flaw impacting the Telerik Report Server that could be potentially exploited by a remote attacker to bypass authentication and create rogue administrator users. The issue, tracked as CVE-2024-4358, carries a CVSS score of 9.8.....

9.9CVSS

8.5AI Score

0.938EPSS

2024-06-04 02:43 PM
1
thn
thn

Oracle WebLogic Server OS Command Injection Flaw Under Active Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Oracle WebLogic Server to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2017-3506 (CVSS score: 7.4), the issue concerns an...

7.5CVSS

8AI Score

0.955EPSS

2024-06-04 03:25 AM
1
thn
thn

Authorities Ramp Up Efforts to Capture the Mastermind Behind Emotet

Law enforcement authorities behind Operation Endgame are seeking information related to an individual who goes by the name Odd and is allegedly the mastermind behind the Emotet malware. Odd is also said to go by the nicknames Aron, C700, Cbd748, Ivanov Odd, Mors, Morse, and Veron over the past...

7.3AI Score

2024-06-03 01:45 PM
1
securelist
securelist

IT threat evolution Q1 2024

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics Targeted attacks Operation Triangulation: the final mystery Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware...

7.8CVSS

6AI Score

0.003EPSS

2024-06-03 10:00 AM
5
securelist
securelist

IT threat evolution in Q1 2024. Non-mobile statistics

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly.....

6.9AI Score

2024-06-03 10:00 AM
5
redhatcve
redhatcve

CVE-2024-36020

In the Linux kernel, the following vulnerability has been resolved: i40e: fix vf may be used uninitialized in this function warning To fix the regression introduced by commit 52424f974bc5, which causes servers hang in very hard to reproduce conditions with resets races. Using two sources for the...

6.5AI Score

0.0004EPSS

2024-06-03 08:31 AM
1
nessus
nessus

RHEL 5 : libxi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXi: Multiple Array Index error leading to heap-based OOB write (CVE-2013-1998) libXi: Insufficient...

7.5CVSS

8.9AI Score

0.014EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : libxfixes (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXfixes: Insufficient validation of server responses results in Integer overflow (CVE-2016-7944) ...

9.8CVSS

10AI Score

0.013EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : libxxf86dga (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXxf86dga: Array Index error leading to heap-based OOB write (CVE-2013-2000) Multiple integer...

7.5AI Score

0.015EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : subversion (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. subversion: Command injection through clients via malicious svn+ssh URLs (CVE-2017-9800) Svnserve in...

9.8CVSS

8.9AI Score

0.129EPSS

2024-06-03 12:00 AM
2
nessus
nessus

RHEL 7 : libx11 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libX11: Insufficient validation of server responses in FontNames (CVE-2016-7943) The XGetImage function...

6.7CVSS

10AI Score

EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 6 : fetchmail (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. fetchmail: DoS (crash) in the base64 decoder upon server NTLM protocol exchange abort right after the ...

7.6AI Score

0.014EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : libxrender (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXrender: Insufficient validation of server responses results out-of-bounds write in...

9.8CVSS

10AI Score

0.014EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : libxv (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXv: Insufficient validation of server responses results in out-of bounds accesses (CVE-2016-5407) ...

9.8CVSS

10AI Score

0.011EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 7 : libxtst (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXtst: Insufficient validation of server responses result in Integer overflows (CVE-2016-7951) X.org...

9.8CVSS

9.8AI Score

0.01EPSS

2024-06-03 12:00 AM
1
nessus
nessus

EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2024-1785)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...

7.8CVSS

7.8AI Score

0.024EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 7 : curl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. curl: FTP wildcard out of bounds read (CVE-2017-8817) CRLF injection vulnerability in libcurl 6.0...

8.8CVSS

7.5AI Score

0.017EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 6 : libxtst (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXtst: Insufficient validation of server responses result in Integer overflows (CVE-2016-7951) X.org...

9.8CVSS

9.7AI Score

0.01EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : wget (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. wget: FTP symlink arbitrary filesystem access (CVE-2014-4877) wget: Lack of filename checking allows...

8.8CVSS

7.8AI Score

0.953EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : vnc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tigervnc: NULL pointer dereference flaw in XRegion (CVE-2014-8241) Integer overflow in TigerVNC allows...

9.8CVSS

8.3AI Score

0.015EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : bzr (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. bzr: does not strip bzr+ssh SSH options (CVE-2017-14176) Algorithmic complexity vulnerability in the...

8.8CVSS

8.1AI Score

0.053EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : bind (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. bind: Improper fetch cleanup sequencing in the resolver can cause named to crash (CVE-2017-3145) ISC...

7.5CVSS

7.1AI Score

0.934EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : bind (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. DNS response rate limiting can simplify cache poisoning attacks (CVE-2013-5661) ISC BIND through...

7.5CVSS

7.5AI Score

0.01EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 6 : openldap (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openldap: incorrect multi-keyword mode cipherstring parsing (CVE-2015-3276) ...

7.5CVSS

7.1AI Score

0.915EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : ruby (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ruby: Fiddle::Function.new heap buffer overflow (CVE-2016-2339) DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2,...

8.1CVSS

7.7AI Score

0.092EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : gnutls (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gnutls: Heap read overflow in read-packet.c (CVE-2017-5337) The TLS protocol 1.2 and earlier, as used in...

7.5CVSS

7.4AI Score

0.256EPSS

2024-06-03 12:00 AM
2
nessus
nessus

EulerOS 2.0 SP11 : bind (EulerOS-SA-2024-1795)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several...

7.5CVSS

8AI Score

0.05EPSS

2024-06-03 12:00 AM
Total number of security vulnerabilities71453