1320 matches found
CVE-2024-6959
A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DoS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering lollms-webui...
CVE-2024-6959 Denial of Service (DOS) in multipart boundary while uploading file in parisneo/lollms-webui
A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DoS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering lollms-webui...
CVE-2024-6959
A vulnerability (CVE-2024-6959) affects parisneo/lollms-webui version 9.8. The issue allows a Denial of Service when uploading an audio file by appending a large number of characters to the end of a multipart boundary, causing the system to repeatedly process each character and rendering the UI i...
PT-2024-6184 · Adobe · Audition
Name of the Vulnerable Software and Affected Versions: Adobe Audition versions 24.4.1, 23.6.6 and earlier. Description: The issue is related to an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires...
CBL Mariner 2.0 Security Update: sox (CVE-2017-15371)
The version of sox installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2017-15371 advisory. - There is a reachable assertion abort in the function sox_append_comment in formats.c in Sound eXchange (SoX) 14.4.2...
Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file as demonstrated by sixteen-stereo-to-eight-mono.c.
...
CVE-2024-6085
A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be...
Astra Linux – Vulnerability in liblivemedia
Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16...
CVE-2024-4499
A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS...
PT-2024-31349 · Lollms +1 · Lollms +2
Name of the Vulnerable Software and Affected Versions: lollms version 9.6. Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server due to a lax CORS policy, allowing attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage. This...
PT-2024-37373 · Phpvibe · Phpvibe
Name of the Vulnerable Software and Affected Versions: PHPVibe version 11.0.46. Description: A critical issue was found in the Media Upload Page component, specifically in the /app/uploading/upload-mp3.php file. The manipulation of the file argument leads to unrestricted upload. This issue can be...
RLSA-2024:3066 Moderate: exempi security update
Exempi provides a library for easy parsing of XMP metadata. Security Fixes: exempi: denial of service via opening of crafted audio file with ID3V2 frame (CVE-2020-18651); exempi: denial of service via opening of crafted webp file (CVE-2020-18652). For more details about the security issues, including t...
Rocky Linux 8 : exempi (RLSA-2024:3066)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3066 advisory. exempi: denial of service via opening of crafted audio file with ID3V2 frame (CVE-2020-18651); exempi: denial of service via opening of crafted webp file...
CVE-2024-35432
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting (XSS) via an Audio File. An authenticated user can inject malicious JavaScript code to trigger a Cross Site Scripting...
ZKTeco ZKBioSecurity Cross-Site Scripting Vulnerability
ZKTeco ZKBioSecurity is a web-based all-in-one platform from the Chinese company ZKTeco. A cross-site scripting vulnerability exists in ZKTeco ZKBioSecurity version 6.1.1, which originates from a cross-site scripting attack that allows an authenticated user to inject malicious JavaScript code via...
RHEL 8 : exempi (RHSA-2024:3066)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3066 advisory. Exempi provides a library for easy parsing of XMP metadata. Security Fixes: exempi: denial of service via opening of crafted audio file with...
Moderate: Red Hat Security Advisory: exempi security update
An update for exempi is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...