CVE-2024-3033
An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting specifi...
CVE-2024-3033
The CVE-2024-3033 issue affects mintplex-labs/anything-llm, specifically the "/api/v/" endpoint and its sub-routes. It is described as an improper authorization vulnerability that allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and del...
PT-2024-23319 · Mintplex · Anything-Llm
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions prior to 1.0.0. Description: An improper authorization issue exists in the mintplex-labs/anything-llm application, specifically within the "/api/v/" endpoint and its sub-routes. This flaw allows...
GO-2024-2764 Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them in github.com/rancher/rancher
Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them in github.com/rancher/rancher...
BIT-HUBBLE-RELAY-2023-34242 Cilium vulnerable to information leakage via incorrect ReferenceGrant handling
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...
UBUNTU-CVE-2024-35884
In the Linux kernel, the following vulnerability has been resolved: udp: do not accept non-tunnel GSO skbs landing in a tunnel When rx-udp-gro-forwarding is enabled UDP packets might be GROed when being forwarded. If such packets might land in a tunnel this can cause various issues and...
BIT-CILIUM-OPERATOR-2023-39347 Cilium NetworkPolicy bypass via pod labels
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels...
Type Confusion
libxmljs is vulnerable to Type Confusion. The vulnerability is caused by parsing a specially crafted XML document due to invoking the namespaces function on a grand-child node that refers to an entity. This allows an attacker to execute arbitrary code, or cause Denial of Service (DoS)...
Type Confusion
libxmljs2 is vulnerable to Type Confusion. The vulnerability is caused by parsing a specially crafted XML document due to invoking the namespaces function on a grand-child node that refers to an entity. This allows an attacker to execute arbitrary code, or cause Denial of Service (DoS)...
GHSA-78H3-PG4X-J8CV libxmljs2 vulnerable to type confusion when parsing specially crafted XML
libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces function which invokes XmlNode::get_local_namespaces on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code...
GHSA-MG49-JQGW-GCJ6 libxmljs vulnerable to type confusion when parsing specially crafted XML
libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces function which invokes _wrap__xmlNode_nsDef_get on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution...
CVE-2024-34394
libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces function which invokes XmlNode::get_local_namespaces on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code...
CVE-2024-34392
libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces function which invokes _wrap__xmlNode_nsDef_get on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution...
CVE-2024-34394 libxmljs2 namespaces type confusion RCE
libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces function which invokes XmlNode::get_local_namespaces on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code...
CVE-2024-34392 libxmljs namespaces type confusion RCE
libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces function which invokes _wrap__xmlNode_nsDef_get on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution...
PT-2024-25853 · Libxmljs · Libxmljs
Name of the Vulnerable Software and Affected Versions: libxmljs affected versions not specified. Description: The issue is related to a type confusion vulnerability that occurs when parsing a specially crafted XML. This happens when the namespaces function is invoked on a grand-child of a node tha...
PT-2024-25855 · Libxmljs2 · Libxmljs2
Name of the Vulnerable Software and Affected Versions: libxmljs2 affected versions not specified. Description: The issue is related to a type confusion vulnerability that occurs when parsing a specially crafted XML. This happens when the namespaces function is invoked on a grand-child of a node th...
K000139430: Linux kernel vulnerability CVE-2024-1086
Security Advisory Description A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow function can...
kernel: net: fix UaF in netns ops registration error path
A use-after-free vulnerability was found in the Linux kernel in the ops_init function, where improper error handling can result in an out-of-bounds error. This issue occurs if the function net_assign_generic fails and the error-handling code attempts to clean up a pointer that was never properly...
@cardinal/namespaces-components (>=4.1.0 <=5.0.0), @frakters/fusion-pool (>=1.0.0 <=1.0.4) +1 more potentially affected by CVE-2024-30253 via @solana/web3.js (=1.32.0)
@solana/web3.js NPM version =1.32.0 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - @cardinal/namespaces-components =4.1.0, =1.0.0, =0.0.29, =0.0.32 Source cves: CVE-2024-30253 Source advisory:...