Lucene search

2746 matches found

UbuntuCve
added 2024/07/29 3:15 p.m. · 7 views

CVE-2024-41024

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score 6.9
Exploits 0 · References 6

Positive Technologies
added 2024/07/23 12:0 a.m. · 4 views

PT-2024-5529 · Isc +12 · Bind 9 +12

Name of the Vulnerable Software and Affected Versions: BIND 9 versions 9.0.0 through 9.11.37; BIND 9 versions 9.16.0 through 9.16.50; BIND 9 versions 9.18.0 through 9.18.27; BIND 9 versions 9.19.0 through 9.19.24; BIND 9 versions 9.9.3-S1 through 9.11.37-S1; BIND 9 versions 9.16.8-S1 through 9.16.49-S...

CVSS 7.8 · AI score 7.8 · EPSS 0.14257
Exploits 0 · References 122

Positive Technologies
added 2024/07/22 12:0 a.m. · 4 views

PT-2024-28845 · Sftpgo · Sftpgo

Name of the Vulnerable Software and Affected Versions: SFTPGO version 2.6.2. Description: The issue concerns the JWT implementation in SFTPGO, which lacks certain security measures such as using JWT ID (JTI) claims, nonces, and proper expiration and invalidation mechanisms. However, it is noted that...

CVSS 7.1 · AI score 7.2
Exploits 0 · References 10

Positive Technologies
added 2024/07/18 12:0 a.m. · 6 views

PT-2024-26376 · Unknown · Torchserve

Name of the Vulnerable Software and Affected Versions: TorchServe versions prior to 0.11.0. Description: The issue arises from the two gRPC ports, 7070 and 7071, not being bound to localhost by default, causing them to be bound to all interfaces when TorchServe is launched. Customers using PyTorch...

CVSS 8.8 · AI score 6.8 · EPSS 0.00631
Exploits 0 · References 10

OSV
added 2024/07/12 1:15 p.m. · 4 views

UBUNTU-CVE-2024-40945

In the Linux kernel, the following vulnerability has been resolved: iommu: Return right value in iommu_sva_bind_device(). iommu_sva_bind_device() should return either a sva bond handle or an ERR_PTR value in error cases. Existing drivers (idxd and uacce) only check the return value with IS_ERR(). This could...

CVSS 5.5 · AI score 6.1 · EPSS 0.00257
Exploits 0 · References 28

OSV
added 2024/07/10 4:15 p.m. · 1 views

CVE-2024-40417

A vulnerability was found in Tenda AX1806 1.0.0.1. Affected by this issue is the function formSetRebootTimer of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffer overflow...

CVSS 6.5 · AI score 6.3 · EPSS 0.004
Exploits 0 · References 1

Vulnrichment
added 2024/07/10 7:14 a.m. · 16 views

CVE-2024-39491 ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance. The cs_dsp instance is initialized in the driver probe so it should be freed in the driver remove. Also fix a missing call to cs_dsp_remove() in the error path of cs35l56_hda_common_prob...

AI score 6.7 · EPSS 0.0021
Exploits 0 · References 3

CNNVD
added 2024/07/10 12:0 a.m. · 5 views

opus security breach

opus is an open source native binding to libopus v1.3 by discord.js. A security vulnerability exists in opus that stems from supplying input objects with the toString attribute to several different functions, making it susceptible to denial of service (DoS) attacks...

CVSS 7.5 · AI score 6.7 · EPSS 0.00597
Exploits 0 · References 4

OSV
added 2024/07/02 3:15 p.m. · 6 views

CVE-2024-4897

parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version llamacpppython-0.2.61+cpuavx2-cp311-cp311-manylinux231x8664. The vulnerability arises from the application's 'bindingzoo' feature, which allows attackers ...

CVSS 8.4 · AI score 8.6
Exploits 0 · References 1

Positive Technologies
added 2024/07/02 12:0 a.m. · 5 views

PT-2024-33304 · Unknown · Llama Cpp Python +1

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version affected versions not specified Description: The issue arises from an insecure dependency on llama cpp python version llama cpp python-0.2.61+cpuavx2-cp311-cp311-manylinux 2 31 x86 64. The vulnerability is linked...

CVSS 8.4 · AI score 8.8 · EPSS 0.00446
Exploits 1 · References 3

OSV
added 2024/06/25 8:15 p.m. · 3 views

CVE-2024-4498

A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the /applysettings function, allowing an attacker to manipulate the discussiondbname...

CVSS 7.7 · AI score 6.1 · EPSS 0.00489
Exploits 1 · References 1

SUSE CVE
added 2024/06/24 11:15 p.m. · 1 views

SUSE CVE-2024-39277

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly. cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark(), resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in...

CVSS 6.6 · AI score 6.3 · EPSS 0.0022
Exploits 0 · References 10

OSV
added 2024/06/21 12:15 p.m. · 6 views

AZL-42844 CVE-2024-39277 affecting package kernel for versions less than 5.15.162.2-1

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly. cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark(), resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in...

CVSS 7.8 · AI score 6.8 · EPSS 0.0022
Exploits 0 · References 1

CNNVD
added 2024/06/20 12:0 a.m. · 1 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an issue with the handling of error devices during the net/mlx5e module's binding to netevent...

CVSS 5.5 · AI score 6.5 · EPSS 0.00235
Exploits 0 · References 7

CNNVD
added 2024/06/13 12:0 a.m. · 3 views

Red Hat Keycloak Security Vulnerability

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that originates from the ability to disclose configured LDAP binding credentials via the...

CVSS 2.7 · AI score 6.9 · EPSS 0.00649
Exploits 0 · References 5

NVD
added 2024/06/10 3:15 p.m. · 24 views

CVE-2024-4403

A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF...

CVSS 8.8 · EPSS 0.00166
Exploits 1 · References 1

Cvelist
added 2024/06/10 2:43 p.m. · 24 views

CVE-2024-4403 CSRF in restart_program in parisneo/lollms-webui

A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF...

CVSS 4.4 · EPSS 0.00166
Exploits 1 · References 1

Vulnrichment
added 2024/06/10 2:43 p.m. · 18 views

CVE-2024-4403 CSRF in restart_program in parisneo/lollms-webui

A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF...

CVSS 4.4 · AI score 6.9 · EPSS 0.00166
Exploits 1 · References 1

CVE
added 2024/06/10 2:43 p.m. · 51 views

CVE-2024-4403

CVE-2024-4403 affects the ParisNeo/LollMS-WebUI, v9.6. The issue is a CSRF vulnerability in the restart_program function, which can be triggered to cause unintended actions (e.g., resetting the program) by sending crafted CSRF forms. The flaw is attributed to a lack of CSRF protection in the aff...

CVSS 8.8 · AI score 4.6 · EPSS 0.00166
Exploits 1 · References 1 · Affected Software 1

OpenVAS
added 2024/06/04 12:0 a.m. · 15 views

Mageia: Security Advisory (MGASA-2024-0209)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 · AI score 7 · EPSS 0.01008
Exploits 0 · References 4