Lucene search
K

57 matches found

Positive Technologies
Positive Technologies
added 2024/06/19 12:0 a.m.9 views

PT-2024-34946 · Go Skynet · Localai

Name of the Vulnerable Software and Affected Versions: mudler/localai version 2.14.0 github.com/go-skynet/LocalAI before v2.16.0 Description: A path traversal vulnerability exists, allowing an attacker to exploit the model parameter during the model deletion process to delete arbitrary files. By...

9.1CVSS7.7AI score0.25538EPSS
Exploits1References10
RedHat Linux
RedHat Linux
added 2024/06/06 4:42 p.m.2 views

OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

7.5CVSS7AI score0.17673EPSS
Exploits2References4
SUSE CVE
SUSE CVE
added 2024/04/15 11:12 p.m.4 views

SUSE CVE-2024-29903

Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on...

4.2CVSS7.1AI score0.00851EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/11/17 12:0 a.m.5 views

Trellix ePolicy Orchestrator Input Validation Error Vulnerability

Trellix ePolicy Orchestrator is a centralized security management platform from Trellix. A security vulnerability exists in Trellix ePolicy Orchestrator versions prior to 5.10.0 CP1 Update 2 that stems from the presence of an open redirection vulnerability. A low-privileged attacker can exploit t...

5.4CVSS6.7AI score0.00406EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/11/17 12:0 a.m.5 views

Trellix ePolicy Orchestrator Cross-Site Request Forgery Vulnerability

Trellix ePolicy Orchestrator is a centralized security management platform from Trellix. A security vulnerability exists in Trellix ePolicy Orchestrator versions prior to 5.10.0 CP1 Update 2 that stems from the presence of a cross-site request forgery CSRF vulnerability. A low-privileged attacker...

8CVSS6.6AI score0.00351EPSS
Exploits0References2
NCSC
NCSC
added 2023/09/21 12:0 a.m.6 views

Vulnerability fixed in CUPS

A vulnerability has been fixed in CUPS. A malicious party could exploit the vulnerability to execute arbitrary code with permissions from the print server. For successful exploitation, the malicious party must offer a specially prepared Postscript file to the print server, or trick a trick a user...

7CVSS7.6AI score0.00663EPSS
Exploits2
OSV
OSV
added 2023/08/08 10:15 a.m.3 views

CVE-2023-39549

A vulnerability has been identified in Solid Edge SE2023 All versions V223.0 Update 2. The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted DWG file. An attacker could leverage this vulnerability to execute code in the context of...

7.8CVSS5.9AI score0.00221EPSS
Exploits0References1
OSV
OSV
added 2023/05/09 1:15 p.m.4 views

CVE-2023-30986

A vulnerability has been identified in Solid Edge SE2023 All versions V223.0 Update 3, Solid Edge SE2023 All versions V223.0 Update 2. Affected applications contain a memory corruption vulnerability while parsing specially crafted STP files. This could allow an attacker to execute code in the...

7.8CVSS7.2AI score0.00226EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.7 views

AgilePoint NX 路径遍历漏洞

AgilePoint NX is a cloud-based digital transformation platform from AgilePoint Japan that enables enterprise-class BPMS with no-code and low-code speed and agility. A security vulnerability exists in AgilePoint NX v8.0 SU2.2 and SU2.3 versions, which stems from a vulnerability that allows path...

7.5CVSS7.3AI score0.00701EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:48 a.m.5 views

SUSE CVE-2012-0501

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors...

5CVSS7.4AI score0.03588EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 5:8 a.m.6 views

SUSE CVE-2016-1607

Multiple cross-site request forgery CSRF vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request...

7.2CVSS7.3AI score0.03385EPSS
Exploits4References5
OSV
OSV
added 2023/02/14 11:15 a.m.3 views

CVE-2023-24552

A vulnerability has been identified in Solid Edge SE2022 All versions V222.0MP12, Solid Edge SE2023 All versions V223.0Update2. The affected application contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to t...

7.8CVSS7.4AI score0.00217EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/07/20 12:0 a.m.3 views

PT-2022-21491 · Apple · Macos Monterey +7

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 15.6 iPadOS versions prior to 15.6 macOS Big Sur versions prior to 11.6.8 watchOS versions prior to 8.7 tvOS versions prior to 15.6 macOS Monterey versions prior to 12.5 macOS Catalina versions prior to Security Update...

7.8CVSS6.9AI score0.00324EPSS
Exploits0References12
NCSC
NCSC
added 2022/02/24 12:0 a.m.7 views

Vulnerability fixed in pfSense

NetGate has fixed a vulnerability in pfSense versions lower than and equal to 2.5.2. A malicious person with user privileges within the same network is able to write arbitrary code to the system. Due to the lack of Cross-Site Request Forgery Protection CSRF on the vulnerable system, it is possibl...

9CVSS6.7AI score0.87113EPSS
Exploits4
OSV
OSV
added 2021/09/29 4:15 p.m.3 views

CVE-2021-39830

Adobe Framemaker versions 2019 Update 8 and earlier and 2020 Release Update 2 and earlier are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is...

7.8CVSS7.6AI score0.01896EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/09/14 12:0 a.m.5 views

Adobe Framemaker 资源管理错误漏洞

Adobe FrameMaker is a document processing program used to write and edit large or complex documents, including structured documents.A post-release reuse vulnerability exists in Adobe Framemaker 2019 Update 8, 2020 Release Update 2 and earlier versions. An attacker could exploit this vulnerability...

4.3CVSS7.6AI score0.01491EPSS
Exploits0References6
OSV
OSV
added 2021/08/30 4:15 a.m.7 views

CVE-2021-37749

MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 aka 16.6.2.66 allows blind SQL Injection via the Id within sourceItems parameter to the GetMap method...

9.8CVSS5.8AI score0.01839EPSS
Exploits1References3
OSV
OSV
added 2020/11/24 5:15 p.m.3 views

CVE-2020-24815

A Server-Side Request Forgery SSRF affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a...

6.5CVSS6.6AI score0.02061EPSS
Exploits1References3
OSV
OSV
added 2020/11/01 11:23 a.m.8 views

OPENSUSE-SU-2020:1806-1 Security update for phpMyAdmin

This update for phpMyAdmin fixes the following issues: phpMyAdmin was updated to 4.9.7 boo1177842: Fix two factor authentication that was broken in 4.9.6 Fix incompatibilities with older PHP versions Update to 4.9.6: - Fixed XSS relating to the transformation feature boo1177561 CVE-2020-26934,...

9.8CVSS7.2AI score0.67081EPSS
Exploits1References12
RedHat Linux
RedHat Linux
added 2020/07/16 10:13 a.m.6 views

OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to...

4.3CVSS6.7AI score0.03284EPSS
Exploits0References4
Rows per page
Query Builder