2460 matches found

Tenable Nessus
added 2024/10/22 12:0 a.m., 19 views

LangChain < 0.2.9 SSRF

The remote host contains a langchain version that is prior to 0.2.9. It is, therefore, affected by a Server-Side Request Forgery vulnerability in the Web Research Retriever component in langchain-community (langchain-community.retrievers.webresearch.WebResearchRetriever). The vulnerability arises...

7.7 CVSS, 6.4 AI score, 0.00691 EPSS
Exploits: 1, References: 4
IBM Security Bulletins
added 2024/10/18 12:44 p.m., 29 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, IBM Java, and IBM Storage Protect Backup-Archive Client may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware

Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by security flaws in IBM WebSphere Application Server Liberty, IBM Java, and IBM Storage Protect Backup-Archive Client. The flaws can lead to denial of service, highly sensitive information exposure,...

7.5 CVSS, 8 AI score, 0.01361 EPSS
Exploits: 0, Affected Software: 1
Fedora
added 2024/10/17 1:36 a.m., 7 views

[SECURITY] Fedora 40 Update: python-virtualenv-20.21.1-25.fc40

virtualenv is a tool to create isolated Python environments. virtualenv is a successor to workingenv, and an extension of virtual-python. It is written by Ian Bicking, and sponsored by the Open Planning Project. It is licensed under an MIT-style permissive license...

7.3 AI score
Exploits: 0
Fedora
added 2024/10/17 1:24 a.m., 7 views

[SECURITY] Fedora 39 Update: python-virtualenv-20.21.1-25.fc39

virtualenv is a tool to create isolated Python environments. virtualenv is a successor to workingenv, and an extension of virtual-python. It is written by Ian Bicking, and sponsored by the Open Planning Project. It is licensed under an MIT-style permissive license...

7.3 AI score
Exploits: 0
CVE
added 2024/10/16 9:3 p.m., 82 views

CVE-2024-48918

RDS Light (pre-1.1.0) contains a validation gap in the user input handling code (main.py) of the Reflective Dialogue System (RDS) AI framework. The vulnerability allows injection and potential memory tampering through unvalidated inputs, with impact on confidentiality, integrity, and availability...

9.3 CVSS, 7.2 AI score, 0.00392 EPSS
Exploits: 0, References: 2
OSV
added 2024/10/16 9:3 p.m., 13 views

CVE-2024-48918 Lack of Input Validation in RDS Light - Potential for Injection Attacks and Memory Tampering

RDS Light is a simplified version of the Reflective Dialogue System (RDS), a self-reflecting AI framework. Versions prior to 1.1.0 contain a vulnerability that involves a lack of input validation within the RDS AI framework, specifically within the user input handling code in the main module main.p...

9.3 CVSS, 7.7 AI score, 0.00392 EPSS
Exploits: 0, References: 4
NVD
added 2024/10/16 8:15 a.m., 19 views

CVE-2024-45219

Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack 4.0.0 through 4.18.2....

8.5 CVSS, 0.01229 EPSS
Exploits: 0, References: 4
Ubuntu
added 2024/10/15 10:13 p.m., 24 views

USN-7069-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - Cryptographic API; - CPU frequency scaling framework; - HW tracing; - ISDN/mISDN subsystem; -...

7.8 CVSS, 7.3 AI score, 0.02701 EPSS
Exploits: 2
Fedora
added 2024/10/12 12:21 a.m., 8 views

[SECURITY] Fedora 41 Update: python-virtualenv-20.21.1-25.fc41

virtualenv is a tool to create isolated Python environments. virtualenv is a successor to workingenv, and an extension of virtual-python. It is written by Ian Bicking, and sponsored by the Open Planning Project. It is licensed under an MIT-style permissive license...

7.3 AI score
Exploits: 0
Cvelist
added 2024/10/10 10:14 p.m., 19 views

CVE-2024-47871 Insecure communication between the FRP client and server in Gradio

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves insecure communication between the FRP (Fast Reverse Proxy) client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and rea...

8.2 CVSS, 0.00172 EPSS
Exploits: 0, References: 1
CNNVD
added 2024/10/08 12:0 a.m., 3 views

Microsoft Azure Monitor Link Following Vulnerability

Microsoft Azure Monitor Agent is a lightweight agent program that can be installed on servers or virtual machines in Azure or local environments. An elevation of privilege vulnerability exists in Microsoft Azure Monitor Agent, which is caused by an error in the Monitor Agent component. An attacke...

7.1 CVSS, 6.9 AI score, 0.00639 EPSS
Exploits: 0, References: 2
Qualys Blog
added 2024/10/07 7:57 p.m., 12 views

Qualys VMDR Rated as the Only Leader and Outperformer by Independent Analyst Firm for the Second Consecutive Year

Qualys VMDR received the highest possible scores for risk-based assessment, cloud-native and serverless function scanning, and flexibility of deployment, among 20 vendors evaluated in this report. As the threat landscape evolves, vulnerability management remains a cornerstone of security...

7.3 AI score
Exploits: 0
The Hacker News
added 2024/10/07 10:5 a.m., 15 views

Modernization of Authentication: Webinar on MFA, Passwords, and the Shift to Passwordless

The interest in passwordless authentication has increased due to the rise of hybrid work environments and widespread digitization. This has led to a greater need for reliable data security and user-friendly interfaces. Without these measures, organizations are at risk of experiencing data breache...

7.7 AI score
Exploits: 0
Rapid7 Blog
added 2024/10/03 1:0 p.m., 22 views

Modernizing Your VM Program with Rapid7 Exposure Command: A Path to Effective Continuous Threat Exposure Management

In today’s threat landscape, where cyber-attacks are increasingly sophisticated and pervasive, organizations face the daunting challenge of securing a constantly expanding attack surface. Traditional vulnerability management (VM) programs, while necessary, are no longer sufficient on their own. The...

7.6 AI score
Exploits: 0
BDU FSTEC
added 2024/10/03 12:0 a.m., 4 views

The vulnerability of the Sequence Manager software in industrial environments lies in its insufficient validation of input data, allowing a malicious actor to trigger service failures.

The vulnerability of the Sequence Manager software in industrial environments is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to trigger service failures remotely...

7.8 CVSS, 5.4 AI score, 0.00605 EPSS
Exploits: 0, References: 5, Affected Software: 1
The Hacker News
added 2024/09/27 5:54 a.m., 23 views

Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers

A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host. The vulnerability, tracked as CVE-2024-0132, carries a CVSS score of 9.0...

9 CVSS, 8.6 AI score, 0.36458 EPSS
Exploits: 2
OSV
added 2024/09/26 6:15 p.m., 6 views

CVE-2024-41722

In the goTenna Pro ATAK Plugin there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or ...

6.5 CVSS, 5.8 AI score, 0.00146 EPSS
Exploits: 0, References: 1
Wiz blog
added 2024/09/26 12:33 p.m., 23 views

Wiz Research Finds Critical NVIDIA AI Vulnerability Affecting Containers Using NVIDIA GPUs, Including Over 35% of Cloud Environments

Critical severity vulnerability CVE-2024-0132 affecting NVIDIA Container Toolkit and GPU Operator presents high risk to AI workloads and environments...

9 CVSS, 7.2 AI score, 0.36458 EPSS
Exploits: 2
Positive Technologies
added 2024/09/26 12:0 a.m., 5 views

PT-2024-32422 · Gotenna · Gotenna Pro App +2

Name of the Vulnerable Software and Affected Versions: goTenna Pro App (affected versions not specified), goTenna Pro X, goTenna Pro X2. Description: The issue allows an attacker to inject custom messages with any GID and Callsign into existing goTenna mesh networks using a software-defined radio. Thi...

6.5 CVSS, 7.2 AI score, 0.00112 EPSS
Exploits: 0, References: 7
Qualys Blog
added 2024/09/25 3:20 p.m., 9 views

Addressing Cloud Identity Risks With TotalCloud CIEM

As organizations continue to embrace multi-cloud environments, leveraging platforms such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and Oracle Cloud Infrastructure (OCI), the complexity of cloud security has increased exponentially. In cloud environments, machines are...

7.3 AI score
Exploits: 0