57 matches found
PT-2024-34946 · Go Skynet · Localai
Name of the Vulnerable Software and Affected Versions: mudler/localai version 2.14.0 github.com/go-skynet/LocalAI before v2.16.0 Description: A path traversal vulnerability exists, allowing an attacker to exploit the model parameter during the model deletion process to delete arbitrary files. By...
OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...
SUSE CVE-2024-29903
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on...
Trellix ePolicy Orchestrator Input Validation Error Vulnerability
Trellix ePolicy Orchestrator is a centralized security management platform from Trellix. A security vulnerability exists in Trellix ePolicy Orchestrator versions prior to 5.10.0 CP1 Update 2 that stems from the presence of an open redirection vulnerability. A low-privileged attacker can exploit t...
Trellix ePolicy Orchestrator Cross-Site Request Forgery Vulnerability
Trellix ePolicy Orchestrator is a centralized security management platform from Trellix. A security vulnerability exists in Trellix ePolicy Orchestrator versions prior to 5.10.0 CP1 Update 2 that stems from the presence of a cross-site request forgery CSRF vulnerability. A low-privileged attacker...
Vulnerability fixed in CUPS
A vulnerability has been fixed in CUPS. A malicious party could exploit the vulnerability to execute arbitrary code with permissions from the print server. For successful exploitation, the malicious party must offer a specially prepared Postscript file to the print server, or trick a trick a user...
CVE-2023-39549
A vulnerability has been identified in Solid Edge SE2023 All versions V223.0 Update 2. The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted DWG file. An attacker could leverage this vulnerability to execute code in the context of...
CVE-2023-30986
A vulnerability has been identified in Solid Edge SE2023 All versions V223.0 Update 3, Solid Edge SE2023 All versions V223.0 Update 2. Affected applications contain a memory corruption vulnerability while parsing specially crafted STP files. This could allow an attacker to execute code in the...
AgilePoint NX 路径遍历漏洞
AgilePoint NX is a cloud-based digital transformation platform from AgilePoint Japan that enables enterprise-class BPMS with no-code and low-code speed and agility. A security vulnerability exists in AgilePoint NX v8.0 SU2.2 and SU2.3 versions, which stems from a vulnerability that allows path...
SUSE CVE-2012-0501
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors...
SUSE CVE-2016-1607
Multiple cross-site request forgery CSRF vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request...
CVE-2023-24552
A vulnerability has been identified in Solid Edge SE2022 All versions V222.0MP12, Solid Edge SE2023 All versions V223.0Update2. The affected application contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to t...
PT-2022-21491 · Apple · Macos Monterey +7
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 15.6 iPadOS versions prior to 15.6 macOS Big Sur versions prior to 11.6.8 watchOS versions prior to 8.7 tvOS versions prior to 15.6 macOS Monterey versions prior to 12.5 macOS Catalina versions prior to Security Update...
Vulnerability fixed in pfSense
NetGate has fixed a vulnerability in pfSense versions lower than and equal to 2.5.2. A malicious person with user privileges within the same network is able to write arbitrary code to the system. Due to the lack of Cross-Site Request Forgery Protection CSRF on the vulnerable system, it is possibl...
CVE-2021-39830
Adobe Framemaker versions 2019 Update 8 and earlier and 2020 Release Update 2 and earlier are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is...
Adobe Framemaker 资源管理错误漏洞
Adobe FrameMaker is a document processing program used to write and edit large or complex documents, including structured documents.A post-release reuse vulnerability exists in Adobe Framemaker 2019 Update 8, 2020 Release Update 2 and earlier versions. An attacker could exploit this vulnerability...
CVE-2021-37749
MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 aka 16.6.2.66 allows blind SQL Injection via the Id within sourceItems parameter to the GetMap method...
CVE-2020-24815
A Server-Side Request Forgery SSRF affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a...
OPENSUSE-SU-2020:1806-1 Security update for phpMyAdmin
This update for phpMyAdmin fixes the following issues: phpMyAdmin was updated to 4.9.7 boo1177842: Fix two factor authentication that was broken in 4.9.6 Fix incompatibilities with older PHP versions Update to 4.9.6: - Fixed XSS relating to the transformation feature boo1177561 CVE-2020-26934,...
OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to...