
1155 matches found

OSV
added 2024/08/16 12:3 a.m. · 7 views

OSV-2024-832 UNKNOWN READ in Pistache::Http::Header::Expect::parseRaw

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69151 Crash type: UNKNOWN READ Crash state: Pistache::Http::Header::Expect::parseRaw Pistache::Http::Private::HeadersStep::apply Pistache::Http::Private::ParserBase::parse...

7.2 AI score
Exploits 0 · References 1
Positive Technologies
added 2024/08/16 12:0 a.m. · 2 views

PT-2024-40895 · Git +1 · Flex

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack-buffer-overflow read crash. The crash state includes functions such as filter apply chain and readin. No information is...

6.8 AI score
Exploits 0 · References 2
OSV
added 2024/08/04 4:17 a.m. · 1 views

CVE-2024-7451

A vulnerability was found in itsourcecode Placement Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file applynow.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has bee...

8.7 CVSS · 5.8 AI score · 0.00578 EPSS
Exploits 1 · References 4
Positive Technologies
added 2024/08/04 12:0 a.m. · 2 views

PT-2024-38361 · Unknown · Itsourcecode Placement Management System

Name of the Vulnerable Software and Affected Versions: itsourcecode Placement Management System version 1.0 Description: A critical issue was found in the itsourcecode Placement Management System, affecting some unknown functionality of the file applynow.php. The manipulation of the id argument...

9.8 CVSS · 8.1 AI score · 0.00578 EPSS
Exploits 1 · References 7
Positive Technologies
added 2024/08/02 12:0 a.m. · 6 views

PT-2024-29956 · Elliptic +1 · Elliptic +1

Name of the Vulnerable Software and Affected Versions: Elliptic package version 6.5.6 Description: The issue concerns ECDSA signature malleability due to a missing check for whether the leading bit of r and s is zero. This results in a cryptographic weakness. There is no information provided abou...

10 CVSS · 7.3 AI score · 0.01956 EPSS
Exploits 9 · References 47
OSV
added 2024/07/25 12:9 a.m. · 5 views

OSV-2024-678 Use-of-uninitialized-value in FLAC__replaygain_synthesis__apply_gain

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70482 Crash type: Use-of-uninitialized-value Crash state: FLAC__replaygain_synthesis__apply_gain writecallback readframe...

7.2 AI score
Exploits 0 · References 1
Positive Technologies
added 2024/07/25 12:0 a.m. · 3 views

PT-2024-40824 · Flac · Flac

Name of the Vulnerable Software and Affected Versions: FLAC affected versions not specified Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the FLAC replaygain synthesis apply gain function, which is called from the write callback and...

6.8 AI score
Exploits 0 · References 2
BDU FSTEC
added 2024/07/22 12:0 a.m. · 2 views

The vulnerability of the pdfi_apply_filter() function in the software for processing, transforming, and generating Ghostscript documents allows an attacker to execute arbitrary code, cause service failures, or gain full control over the application.

The vulnerability of the pdfi_apply_filter() function in the software for processing, transforming, and generating Ghostscript documents is related to buffer overflow during the filtering process. Exploiting this vulnerability could allow an attacker to execute arbitrary code, cause service failures,...

10 CVSS · 7.5 AI score · 0.00909 EPSS
Exploits 0 · References 10 · Affected Software 3
Cvelist
added 2024/07/20 3:19 a.m. · 29 views

CVE-2024-6281 Path Traversal in parisneo/lollms

A path traversal vulnerability exists in the applysettings function of parisneo/lollms versions prior to 9.5.1. The sanitizepath function does not adequately secure the discussiondbname parameter, allowing attackers to manipulate the path and potentially write to important system folders...

7.3 CVSS · 0.00265 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/07/20 12:0 a.m. · 3 views

PT-2024-37509 · Parisneo · Lollms

Name of the Vulnerable Software and Affected Versions: parisneo/lollms versions prior to 9.5.1 Description: A path traversal issue exists in the apply settings function. The sanitize path function does not adequately secure the discussion db name parameter, allowing attackers to manipulate the pa...

7.3 CVSS · 7.5 AI score · 0.00265 EPSS
Exploits 0 · References 8
SUSE CVE
added 2024/07/16 2:34 a.m. · 2 views

SUSE CVE-2024-40915

In the Linux kernel, the following vulnerability has been resolved: riscv: rewrite kernelmappages to fix sleeping in invalid context kernelmappages is a debug function which clears the valid bit in page table entry for deallocated pages to detect illegal memory accesses to freed pages. This...

5.5 CVSS · 7.7 AI score · 0.00209 EPSS
Exploits 0 · References 3
OSV
added 2024/07/12 1:15 p.m. · 0 views

UBUNTU-CVE-2024-40915

In the Linux kernel, the following vulnerability has been resolved: riscv: rewrite kernelmappages to fix sleeping in invalid context kernelmappages is a debug function which clears the valid bit in page table entry for deallocated pages to detect illegal memory accesses to freed pages. This...

5.5 CVSS · 5.9 AI score · 0.00209 EPSS
Exploits 0 · References 19
OSSF Malicious Packages
added 2024/07/11 2:51 a.m. · 2 views

Malicious code in sap-apply (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis baef099fb6eeba12c9f75d90d5c1c2af6ca0419c981b72162bfd544c45106bc3 The OpenSSF Package Analysis project identified 'sap-apply' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

7.1 AI score
Exploits 0
OSV
added 2024/07/11 2:51 a.m. · 7 views

MAL-2024-7640 Malicious code in sap-apply (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis baef099fb6eeba12c9f75d90d5c1c2af6ca0419c981b72162bfd544c45106bc3 The OpenSSF Package Analysis project identified 'sap-apply' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

7.3 AI score
Exploits 0
CVE
added 2024/07/06 5:48 p.m. · 80 views

CVE-2024-6095

Vulnerability: LocalAI (mudler/localai) 2.15.0 has a SSRF and partial LFI in the /models/apply endpoint. The endpoint accepts both http(s):// and file:// schemes, with file:// enabling local-file access. Impact is described as potential unauthorized access to internal HTTP(S) services and partial...

5.8 CVSS · 5.2 AI score · 0.02475 EPSS
Exploits 1 · References 2 · Affected Software 1
CNNVD
added 2024/07/06 12:0 a.m. · 3 views

LocalAI Code Issues Vulnerabilities

LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. A code issue vulnerability exists in LocalAI version 2.15.0, which stems from a cross-site request forgery and local file inclusion vulnerability in the /models/apply API...

5.8 CVSS · 6.8 AI score · 0.02475 EPSS
Exploits 1 · References 3
Positive Technologies
added 2024/07/06 12:0 a.m. · 5 views

PT-2024-37382 · Unknown · Mudler/Localai

Name of the Vulnerable Software and Affected Versions: mudler/localai versions 2.15.0 Description: A vulnerability in the "/models/apply" endpoint allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). The endpoint supports both https:// and file:// schemes, where the...

5.8 CVSS · 5.7 AI score · 0.02475 EPSS
Exploits 1 · References 9
CNNVD
added 2024/07/03 12:0 a.m. · 2 views

Artifex Ghostscript Security Vulnerability

Artifex Ghostscript is a set of free software compiled by Artifex, Inc. based on Adobe, PostScript, and the Page Description Language for Portable Document Format PDL. A security vulnerability exists in Artifex Ghostscript prior to version 10.03.0, which is caused by a stack-based buffer overflow...

8.8 CVSS · 7.1 AI score · 0.00909 EPSS
Exploits 0 · References 5
Positive Technologies
added 2024/07/01 12:0 a.m. · 2 views

PT-2024-28317 · Unknown · Ag-Grid-Enterprise

Name of the Vulnerable Software and Affected Versions: ag-grid-enterprise version 31.3.2 Description: The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties through a prototype pollution in the ModuleSupport.jsonApply component...

6.3 CVSS · 7.7 AI score · 0.00827 EPSS
Exploits 1 · References 14
CNNVD
added 2024/06/25 12:0 a.m. · 3 views

LoLLMs Path Traversal Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A path traversal vulnerability exists in LoLLMs versions prior to 9.7, which stems from insufficient input validation in the /applysettings function, allowing an attacker to traverse the file...

7.7 CVSS · 6.7 AI score · 0.00489 EPSS
Exploits 1 · References 1