15 matches found
CVE-2025-53358
Summary (CVE-2025-53358) : Kotaemon, an open‑source RAG-based document tool, is affected in versions up to 0.10.6. The function index_fn in libs/ktem/ktem/index/file/ui.py accepts both URLs and local file paths without validation, causing the pipeline to stream and store these paths. This enables...
CVE-2025-53358 kotaemon Vulnerable to Path Traversal via Link Upload
kotaemon is an open-source RAG-based tool for document comprehension. From versions 0.10.6 and prior, in libs/ktem/ktem/index/file/ui.py, the indexfn method accepts both URLs and local file paths without validation. The pipeline streams these paths directly and stores them, enabling attackers to...
SUSE CVE-2004-1139
Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service application crash...
Debian: Security Advisory (DLA-3056-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ALPINE-CVE-2021-32749
fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command mail from mailutils package...
DEBIAN-CVE-2021-32749
fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command mail from mailutils package...
UBUNTU-CVE-2021-32749
fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command mail from mailutils package...
DEBIAN-CVE-2010-2286
The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service infinite loop via unknown vectors...
Fedora Core 11 FEDORA-2009-6972 (poppler)
The remote host is missing an update to poppler announced via advisory FEDORA-2009-6972. OpenVAS Vulnerability Test $Id: fcore20096972.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-6972 poppler Authors: Thomas Reinke Copyright: Copyright c 2009...
Fedora 11 : poppler-0.10.7-2.fc11 (2009-6972)
An update to the latest stable upstream release fixing many bugs, as well as addressing several security issues. Release announcement, http://lists.freedesktop.org/archives/poppler/2009-May/004721.html Note that Tenable Network Security has extracted the preceding description block directly from...
CVE-2005-0704
Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through 0.10.9 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code...
PT-2005-1745 · Ethereal +1 · Ethereal +1
Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.10.7 through 0.10.9 Description: The issue allows remote attackers to cause a denial of service, resulting in an application crash, when the "ignore cipher bit" option is enabled in the GPRS-LLC dissector. Recommendations:...
security flaw
Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service application crash...
PT-2004-2106 · Ethereal +1 · Ethereal +1
Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.10.1 through 0.10.7 Description: The issue allows remote attackers to cause a denial of service, resulting in an application crash. This is achieved by sending a certain packet that causes the HTTP dissector to access...
PT-2004-2104 · Ethereal +1 · Ethereal +1
Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.10.4 through 0.10.7 Description: The issue is related to an unknown vulnerability in the DICOM dissector, which allows remote attackers to cause a denial of service, resulting in an application crash. Recommendations: For...