CVE-2024-7010

mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid...

CVE-2024-7010 Timing Attack in mudler/localai

mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid...

Reducing False Positives in API Security: Advanced Techniques Using Machine Learning

False positives in API security are a serious problem, often resulting in wasted results and time, missing real threats, alert fatigue, and operational disruption. Fortunately, however, emerging technologies like machine learning ML can help organizations minimize false positives and streamline t...

SUSE CVE-2024-50064

In the Linux kernel, the following vulnerability has been resolved: zram: free secondary algorithms names We need to kfree secondary algorithms names when reset zram device that had multi-streams, otherwise we leak memory. [email protected]: kfreeNULL is legal...

CVE-2024-50064

In the Linux kernel, the following vulnerability has been resolved: zram: free secondary algorithms names We need to kfree secondary algorithms names when reset zram device that had multi-streams, otherwise we leak memory. [email protected]: kfreeNULL is legal...

DEBIAN-CVE-2024-50064

In the Linux kernel, the following vulnerability has been resolved: zram: free secondary algorithms names We need to kfree secondary algorithms names when reset zram device that had multi-streams, otherwise we leak memory. [email protected]: kfreeNULL is legal...

UBUNTU-CVE-2024-50064

In the Linux kernel, the following vulnerability has been resolved: zram: free secondary algorithms names We need to kfree secondary algorithms names when reset zram device that had multi-streams, otherwise we leak memory. [email protected]: kfreeNULL is legal...

CVE-2024-50064 zram: free secondary algorithms names

In the Linux kernel, the following vulnerability has been resolved: zram: free secondary algorithms names We need to kfree secondary algorithms names when reset zram device that had multi-streams, otherwise we leak memory. [email protected]: kfreeNULL is legal...

CVE-2024-50064 zram: free secondary algorithms names

In the Linux kernel, the following vulnerability has been resolved: zram: free secondary algorithms names We need to kfree secondary algorithms names when reset zram device that had multi-streams, otherwise we leak memory. [email protected]: kfreeNULL is legal...

[SECURITY] Fedora 39 Update: rust-libcramjam0.2-0.2.0-7.fc39

Compression library combining a plethora of algorithms in a similar as possible API...

[SECURITY] Fedora 39 Update: python-cramjam-2.8.3-8.fc39

Thin Python bindings to de/compression algorithms in Rust...

[SECURITY] Fedora 41 Update: python-cramjam-2.8.3-9.fc41

Thin Python bindings to de/compression algorithms in Rust...

Security Bulletin: IBM DevOps Velocity is vulnerable due to multiple misconfigurations

Summary Multiple vulnerabilities in IBM DevOps Velocity have been address in IBM DevOps Velocity version 5.0.1 Vulnerability Details CVEID:CVE-2024-22348 DESCRIPTION: IBM UCV - UrbanCode Velocity uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions...

CVE-2024-47360

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Booking Algorithms BA Book Everything allows Reflected XSS.This issue affects BA Book Everything: from n/a through 1.6.20...

CVE-2024-47360

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bookingalgorithms BA Book Everything ba-book-everything.This issue affects BA Book Everything: from n/a through = 1.6.20...

CVE-2024-47360

CVE-2024-47360 : WordPress BA Book Everything plugin (vulnerable:

USN-7051-1 python-asyncssh vulnerability

Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being...

CVE-2024-8452

Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowing attackers to obtain plaintext SNMPv3 credentials potentially...

CVE-2024-8452 PLANET Technology switch devices - Insecure hash functions used for SNMPv3 credentials

Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowing attackers to obtain plaintext SNMPv3 credentials potentially...

PT-2024-39022 · Planet Technology · Planet Technology Switch

Name of the Vulnerable Software and Affected Versions: PLANET Technology switch models affected versions not specified Description: The issue concerns the use of obsolete algorithms for authentication and encryption protocols in the SNMPv3 service, potentially allowing attackers to obtain plainte...