Startup-SBOM - A Tool To Reverse Engineer And Inspect The RPM And APT Databases To List All The Packages Along With Executables, Service And Versions
This is a simple SBOM utility which aims to provide an insider view on which packages are getting executed. The process and objective are simple: we can get a clear view of the packages installed by APT (currently working on implementing this for RPM and other package managers). This is...
RHEL 5 : bash (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution (CVE-2016-7543) - The expansion...
[SECURITY] Fedora 39 Update: rust-asahi-nvram-0.2.1-3.fc39
A tool to read and write nvram variables on ARM Macs...
Fedora: Security Advisory for rust-uu_env (FEDORA-2024-ce2936b568)
The remote host is missing an update for the...
BIT-NODE-2024-21892
On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this...
Solr: Host environment variables are published via the Metrics API
A flaw was found in Apache Solr. This issue may allow an unauthorized actor access to sensitive information. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the...
grub2: out-of-bounds read at fs/ntfs.c
An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to...
The vulnerability of ROS2 operating systems lies in the lack of measures to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary code, increase their privileges, and gain unauthorized access to protected information.
The vulnerability of ROS2 operating systems is related to the lack of measures taken to neutralize special elements used in the operating system’s commands when processing environment variables such as ROS_VERSION 2 and ROS_PYTHON_VERSION 3. Exploiting this vulnerability allows a remote attacker to...
litellm passes untrusted data to `eval` function without sanitization
A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the eval function unsafely in the litellm.get_secret method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval function...
GHSA-7GGM-4RJG-594W litellm passes untrusted data to `eval` function without sanitization
A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the eval function unsafely in the litellm.get_secret method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval function...
CVE-2024-4264
A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the eval function unsafely in the litellm.get_secret method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval function...
CVE-2024-35802
A flaw was found in the Linux kernel. Incorrect position-dependent variable references in the startup code may lead to a crash...
CVE-2024-4264 Remote Code Execution in berriai/litellm
A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the eval function unsafely in the litellm.get_secret method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval function...
CVE-2024-4264
The CVE-2024-4264 entry affects berriai/litellm. The vulnerability is caused by unsafe use of eval in litellm.get_secret() when the server uses Google KMS, allowing untrusted data to be evaluated. Attackers can inject malicious values into environment variables via the /config/update endpoint, en...
PT-2024-30090 · Google · Google Kms
Name of the Vulnerable Software and Affected Versions: berriai/litellm (affected versions not specified). Description: A remote code execution issue exists due to improper control of code generation when using the eval function unsafely in the litellm.get_secret method. Specifically, when the server...
CVE-2024-35802
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-35802
CVE-2024-35802 entry rejected by its CVE Numbering Authority.
GitLab 9.4 < 13.7.8 / 13.8 < 13.8.5 / 13.9 < 13.9.2 (CVE-2021-22186)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners (CVE-2021-22186). Note that Nessus has not...
The vulnerability of the Wi-Fi wireless communication driver from Realtek for Linux operating systems allows a hacker to cause a service failure.
The vulnerability of the Wi-Fi wireless communication driver for Linux operating systems relates to the use of uninitialized variables hw_ctrl_s1 and sw_ctrl_s1 in the function rtl8188f_spur_calibration within the drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8188f.c module. Exploiting this vulnerabili...