
1566 matches found

Positive Technologies
added 2024/09/27 12:00 a.m. · 3 views

PT-2024-38020 · Localai · Localai

Name of the Vulnerable Software and Affected Versions: mudler/localai version 2.17.1 Description: The localai backend is susceptible to remote code execution. This occurs because the backend accepts inputs from sources beyond the configuration file, enabling an attacker to upload and execute a...

CVSS 8.8 · AI score 8.9 · EPSS 0.01298
Exploits: 1 · References: 11

ICS
added 2024/09/24 6:00 a.m. · 43 views

Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : Dover Fueling Solutions DFS Equipment : ProGauge MAGLINK LX CONSOLE Vulnerabilities : Command Injection, Improper Privilege Management, Use of Hard-coded Password, Cross-site Scripting,...

CVSS 10 · AI score 9.4 · EPSS 0.00793
Exploits: 0 · References: 10

CISA
added 2024/09/19 12:00 p.m. · 3 views

VMware Releases Security Advisory for VMware Cloud Foundation and vCenter Server

VMware released a security advisory addressing vulnerabilities in the VMware Cloud Foundation and the vCenter Server. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following VMware...

AI score 7.6
Exploits: 0 · References: 1

CISA
added 2024/09/18 12:00 p.m. · 4 views

Apple Releases Security Updates for Multiple Products

Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary updates: i...

AI score 6.9
Exploits: 0 · References: 10

Packet Storm
added 2024/09/01 12:00 a.m. · 300 views

Cisco IOS HTTP Unauthorized Administrative Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOS HTTP Unauthorized Administrative Access', 'Description' = %q This module exploits a vulnerability in the Cisco IOS HTTP Server. By...

CVSS 9.3 · AI score 7 · EPSS 0.6845
Exploits: 8

CNVD
added 2024/08/20 12:00 a.m. · 7 views

TOTOLINK X6000R Command Injection Vulnerability

TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. TOTOLINK X6000R version 9.4.0cu.85220230719 suffers from a command injection vulnerability that originates from the parameter rtLogServer in the file /cgi-bin/cstecgi.cgi that can lead to command injection. An attacker c...

CVSS 9.8 · AI score 8.4 · EPSS 0.06239
Exploits: 1 · References: 1

NVD
added 2024/08/02 9:16 p.m. · 16 views

CVE-2024-38887

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to expand control over the operating system from the database due to the execution of commands with unnecessary privileges...

CVSS 9.8 · EPSS 0.01676
Exploits: 1 · References: 4

Positive Technologies
added 2024/08/02 12:00 a.m. · 3 views

PT-2024-28258 · Horizon Business Services Inc. · Caterease

Name of the Vulnerable Software and Affected Versions: Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405 Description: The issue allows a remote attacker to expand control over the operating system from the database due to the execution of commands with unnecessary...

CVSS 9.8 · AI score 7.4 · EPSS 0.01676
Exploits: 1 · References: 7

BDU FSTEC
added 2024/07/31 12:00 a.m. · 3 views

The vulnerability of the typeedit.php file in the Tailoring Management System allows a hacker to execute arbitrary SQL code, gain unauthorized access to read or modify data, gain control over the system, or cause a service failure.

The vulnerability of the typeedit.php file in the Tailoring Management System relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary SQL code, gain unauthorized access to read or modify...

CVSS 6.5 · AI score 7 · EPSS 0.00612
Exploits: 1 · References: 4 · Affected Software: 1

CISA
added 2024/07/30 12:00 p.m. · 4 views

Apple Releases Security Updates for Multiple Products

Apple released security updates to address vulnerabilities in Safari, iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisorie...

AI score 6.8
Exploits: 0 · References: 9

BDU FSTEC
added 2024/07/29 12:00 a.m. · 1 view

The vulnerability of the client.so file of the Ruijie EG-2000SE software allows a hacker to gain access to the user account and gain control over the system.

The vulnerability of the client.so file of the Ruijie EG-2000SE microprogramming system lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to gain access to the user account and execute commands to gain control of the system...

CVSS 5.2 · AI score 6 · EPSS 0.00301
Exploits: 1 · References: 4

CISA
added 2024/07/18 12:00 p.m. · 6 views

Oracle Releases Critical Patch Update Advisory for July 2024

Oracle released its quarterly Critical Patch Update Advisory for July 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Orac...

AI score 7.3
Exploits: 0 · References: 1

CISA
added 2024/07/18 12:00 p.m. · 4 views

Cisco Releases Security Updates for Multiple Products

Cisco released security updates to address vulnerabilities in Cisco software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary updates: Cisco Secu...

AI score 8.6
Exploits: 0 · References: 9

CISA
added 2024/07/09 12:00 p.m. · 18 views

Citrix Releases Security Updates for Multiple Products

Citrix released security updates to address vulnerabilities in multiple Citrix products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: NetScaler...

CVSS 9.4 · AI score 7.3 · EPSS 0.21331
Exploits: 0 · References: 6

Cvelist
added 2024/06/26 2:53 a.m. · 35 views

CVE-2024-5181 Command Injection in mudler/localai

A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by...

CVSS 9.8 · EPSS 0.02685
Exploits: 1 · References: 2

OSV
added 2024/06/20 1:15 p.m. · 3 views

CVE-2024-6186

A vulnerability, which was classified as critical, was found in Ruijie RG-UAC 1.0. This affects an unknown part of the file /view/userAuthentication/SSO/commit.php. The manipulation of the argument adlogname leads to os command injection. It is possible to initiate the attack remotely. The exploi...

CVSS 9.8 · AI score 5.5 · EPSS 0.08722
Exploits: 1 · References: 4

CISA
added 2024/06/11 12:00 p.m. · 5 views

Fortinet Releases Security Updates for FortiOS 

Fortinet has released security updates to address a vulnerability in FortiOS. A cyber threat actor could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the following Fortinet Security Bulletin and apply the necessary updates:...

AI score 7.3
Exploits: 0 · References: 1

CISA
added 2024/06/11 12:00 p.m. · 5 views

Microsoft Releases June 2024 Security Updates

Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following advisory and apply the necessary updates...

AI score 7.6
Exploits: 0 · References: 1

BDU FSTEC
added 2024/06/07 12:00 a.m. · 1 view

The vulnerability of the CMS system MinMax CMS, related to the use of strictly encrypted user data, allows a hacker to gain access to a user account and perform login operations.

The vulnerability of the CMS system MinMax CMS is related to the use of strictly encrypted user credentials. Exploiting this vulnerability could allow a malicious actor to gain access to a user account and gain control over the system...

CVSS 10 · AI score 5.5 · EPSS 0.00653
Exploits: 0 · References: 4

CVE
added 2024/06/06 5:53 p.m. · 60 views

CVE-2024-4889

CVE-2024-4889 affects berriai/litellm 1.34.6. The issue stems from unvalidated input in the secret management system’s eval function. When Google KMS is configured, an attacker can set UI_LOGO_PATH to a remote server in get_image, allowing writes to a malicious Google KMS configuration file at ca...

CVSS 7.2 · AI score 7.2 · EPSS 0.00859
Exploits: 1 · References: 1 · Affected Software: 1