CVE-2024-4315

CVE-2024-4315 affects parisneo/lollms v9.5 and is a Local File Inclusion (LFI) flaw caused by insufficient path sanitization in the function that processes endpoints. The code fails to properly sanitize Windows-style paths (backslash), enabling directory traversal on Windows systems. Attackers co...

SUSE CVE-2024-37279

A flaw was discovered in Kibana, allowing view-only users of alerting to use the runsoon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries...

CVE-2024-5187 Arbitrary File Overwrite in download_model_with_test_data in onnx/onnx

A vulnerability in the downloadmodelwithtestdata function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...

RHEL 8 : libvirt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libvirt: Insecure sVirt label generation CVE-2021-3631 - An improper locking issue was found in the...

RHEL 8 : fwupdate (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - grub2: Use-after-free in rmmod command CVE-2020-25632 - grub2: Out-of-bounds write in...

Amazon Linux 2 : ImageMagick (ALAS-2024-2559)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2559 advisory. A flaw was found in ImageMagick, where a division by zero in WaveImage of MagickCore/visual-effects.c may trigger undefined...

Low: ImageMagick

Issue Overview: A flaw was found in ImageMagick, where a division by zero in WaveImage of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability...

The vulnerability of the amu_fie_setup() function in the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the amufiesetup function in the arch/arm64/kernel/topology.c module of the Linux operating system is related to access to memory beyond the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility ...

KLA68204 DoS vulnerability in Opera

Type confusion vulnerability was found in Opera. Malicious users can exploit this vulnerability to cause denial of service. Original advisories Opera 110.0.5130.39 Stable update Stable Channel Update for Desktop Exploitation Public exploits exist for this vulnerability. Related products Opera CVE...

gmp: Integer overflow and resultant buffer overflow via crafted input

A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability...

kernel: ip6mr: Fix skb_under_panic in ip6mr_cache_report()

A buffer underwrite vulnerability exists in the linux kernel in the function skbunderpanic in ip6mrcachereport, leading to an attacker, via crafting a payload, could result in damage to system availability and integrity...

golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents

A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability...

Huawei HarmonyOS and EMUI account module power-up vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. Huawei HarmonyOS and the EMUI account module are...

Huawei HarmonyOS and EMUI AMS Module Denial of Service Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A denial of service vulnerability exists in the Huawei...

Huawei HarmonyOS and EMUI Cracking Vulnerabilities

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel.Huawei EMUI is an emotional operating system developed by Huawei based on Android Android. Huawei HarmonyOS and EMUI are vulnerable to a cracking...

Siemens SIMATIC RTLS Locating Manager Data Authenticity Validation Insufficiency Vulnerability

SIMATIC RTLS Locating Manager is used to configure, operate and maintain the SIMATIC RTLS unit, a real-time wireless positioning system that provides locating solutions. Siemens SIMATIC RTLS Locating Manager suffers from a Data Authenticity Validation Insufficiency vulnerability due to an affecte...

KLA67586 Multiple vulnerabilities in Wireshark

Multiple vulnerabilities were found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability in MONGO and ZigBee TLV dissectors can be exploited to cause denial of service. 2. Denial...

The vulnerability of the __sock_xmit() function in the drivers/block/nbd.c module of the Linux kernel’s nbd driver allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the sockxmit function in the drivers/block/nbd.c module of the Linux kernel’s nbd driver is related to the use of uninitialized fields in the struct msghdr structure. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...

CVE-2024-33494

A vulnerability has been identified in SIMATIC RTLS Locating Manager 6GT2780-0DA00 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA10 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA20 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA30 All versions...

CVE-2024-33494

CVE-2024-33494 concerns Siemens SIMATIC RTLS Locating Manager products (multiple 6GT2780 variants). Connected sources confirm a vulnerability where affected components do not properly authenticate heartbeat messages, enabling an unauthenticated remote attacker to impact the availability of second...