2460 matches found
USN-6821-2: Linux kernel vulnerabilities
It was discovered that the ATA over Ethernet AoE driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6270 It was discovered that the Atheros 802.11ac...
Server-Side Request Forgery (SSRF)
langchain is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper restriction of requests in the Web Research Retriever component, allowing it to reach local addresses and enabling attackers to execute port scans, access local services, and potentially read instanc...
Important: Red Hat Security Advisory: ipa security update
An update for ipa is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
RHEL 9 : ipa (RHSA-2024:3757)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3757 advisory. Red Hat Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and...
Server-Side Request Forgery in langchain-community.retrievers.web_research.WebResearchRetriever
A Server-Side Request Forgery SSRF vulnerability exists in the Web Research Retriever component in langchain-community langchain-community.retrievers.webresearch.WebResearchRetriever. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet...
GHSA-Q25C-C977-4CMH Server-Side Request Forgery in langchain-community.retrievers.web_research.WebResearchRetriever
A Server-Side Request Forgery SSRF vulnerability exists in the Web Research Retriever component in langchain-community langchain-community.retrievers.webresearch.WebResearchRetriever. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet...
CVE-2024-3095
A Server-Side Request Forgery SSRF vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This...
CVE-2024-3095 SSRF in Langchain Web Research Retriever in langchain-ai/langchain
A Server-Side Request Forgery SSRF vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This...
CVE-2024-3095
CVE-2024-3095 affects langchain-ai/langchain up to version 0.1.5, where the Web Research Retriever allows SSRF by failing to restrict requests to remote addresses. This enables potential access to local services, port scans, and reading cloud-instanced metadata, mainly via GET requests. The in‑do...
CVE-2024-3095 SSRF in Langchain Web Research Retriever in langchain-ai/langchain
A Server-Side Request Forgery SSRF vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This...
CVE-2024-2362
The CVE-2024-2362 entry concerns parisneo/lollms-webui versión 9.3 on Windows, with a path traversal vulnerability in the del_preset endpoint due to inadequate input sanitization. The issue permits an attacker to delete files outside the intended directory by supplying absolute or traversal path...
[SECURITY] Fedora 39 Update: apptainer-1.3.2-1.fc39
Apptainer provides functionality to make portable containers that can be used across host environments...
[SECURITY] Fedora 40 Update: apptainer-1.3.2-1.fc40
Apptainer provides functionality to make portable containers that can be used across host environments...
Moderate: Red Hat Bug Fix Advisory: Red Hat Advanced Cluster Management 2.9.4 bug fixes and container updates
Red Hat Advanced Cluster Management for Kubernetes 2.9.4 General Availability release images, which fix bugs and update container images. Red Hat Advanced Cluster Management for Kubernetes 2.9.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common...
Snowflake Warns: Targeted Credential Theft Campaign Hits Cloud Customers
Cloud computing and analytics company Snowflake said a "limited number" of its customers have been singled out as part of a targeted campaign. "We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake's platform," the company...
K000139609: NGINX HTTP/3 QUIC vulnerability CVE-2024-32760
Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact. CVE-2024-32760 Note : This issue affects NGINX systems compiled with the...
silverstripe/framework has possible denial of service attack vector when flushing
A possible denial of service attack vector has been identified in the dev/build system controller. dev/build now has its own URL token, similar to flushtoken, to ensure users are authenticated when running dev/build outside of dev environments...
PT-2024-40251 · Packagist · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: dev/build system controller affected versions not specified Description: A possible denial of service attack vector has been identified. The dev/build system now uses its own URL token for authentication when running outside of dev...
GHSA-55QG-6C4M-MW6G silverstripe/framework's URL parameters `isDev` and `isTest` unguarded
The URL parameters isDev and isTest are accessible to unauthenticated users who access a SilverStripe website or application. This allows unauthorised users to expose information that is usually hidden on production environments such as verbose errors including backtraces and other debugging tool...
Exploit for CVE-2024-4956
README.md CVE-2024-4956 Bulk Scanner Disclaimer Th...