Ollama Security Vulnerability
Ollama is an open-source tool for starting and running large language models locally. A security vulnerability exists in Ollama versions prior to 0.1.29 that stems from a DNS rebinding flaw, which could inadvertently allow remote access to the full API, which...
The vulnerability of the software that manages servers and data center infrastructure in Lenovo XClarity Administrator allows a malicious actor to gain unauthorized access to the end-point API without being verified. This vulnerability exposes the information, enabling unauthorized access.
The vulnerability of the software that manages servers and data center infrastructure in Lenovo XClarity Administrator relates to the disclosure of information. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the end-point API without being...
PT-2024-23403 · WordPress · Wordpress Announcement & Notification Banner Plugin – Bulletin
Name of the Vulnerable Software and Affected Versions: WordPress Announcement & Notification Banner Plugin – Bulletin versions 3.8.5 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allo...
nss: timing attack against RSA decryption
It was discovered that the numerical library used in NSS for RSA cryptography leaks information about whether the high-order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher- or Manger-like attack against all RSA decryption operations. As the leak happens...
CVE-2024-1222
This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of PaperCut NG/MF API calls...
WordPress Plugin fx Private Site Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL. WordPress plugin i...
alf.io Security Vulnerabilities
alf.io is an open-source ticket reservation system. A security vulnerability exists in alf.io versions prior to 2.0-Mr-2402. An attacker can exploit the vulnerability to view user ID details, especially the API KEY in the username...
The vulnerability of the SAP Application Interface Framework, a software tool for developing and managing application interfaces, arises from improper code generation. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of data.
The vulnerability of the SAP Application Interface Framework, a software tool for developing and managing application interfaces, is related to improper code generation. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of data...
The vulnerability of the application software interface of the Cisco Meeting Server platform allows a perpetrator to cause a service failure.
The vulnerability of the application software interface of the Cisco Meeting Server platform is related to deficiencies in the mechanism for verifying input data. Exploiting this vulnerability could allow a malicious actor to cause service failures...
PT-2024-17674 · Juanpao · Juanpao Jpshop
Name of the Vulnerable Software and Affected Versions: Juanpao JPShop versions up to 1.5.02 Description: A critical vulnerability was found in Juanpao JPShop, affecting the actionIndex function of the /api/controllers/merchant/app/ComboController.php file in the API component. The manipulation of...
PT-2024-13412 · Ibm · Ibm Tivoli Application Dependency Discovery Manager
Name of the Vulnerable Software and Affected Versions: IBM Tivoli Application Dependency Discovery Manager versions 7.3.0.0 through 7.3.0.10 Description: The issue allows an attacker on the organization's local network to escalate their privileges due to unauthorized API access. Recommendations:...
BuildKit Security Vulnerability
BuildKit is a concurrent, cache-efficient, Dockerfile-agnostic builder toolkit. A security vulnerability exists in BuildKit version v0.12.4 and earlier. An attacker could exploit this vulnerability to use the API to run containers with elevated privileges...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker cou...
OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
A difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...
The vulnerability of the API configuration of D-Link’s ONVIF micro-programmed Wi-Fi cameras series DCS-8300LHV2 allows an intruder to bypass the authentication process.
The vulnerability of the ONVIF configuration of D-Link’s DCS-8300LHV2 Wi-Fi camera software lies in the deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass the authentication process remotely...
CVE-2024-21737 Code Injection vulnerability in SAP Application Interface Framework (File Adapter)
In SAP Application Interface Framework File Adapter - version 702, a high-privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such a user can control the behaviour of the application. This leads to considerable impact on...