Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability caused by an out-of-bounds write in String16 of String16.cpp. An attacker can exploit the vulnerability to escalate privileges...

CVE-2018-9421

In writeInplace of Parcel.cpp, there is a possible information leak across processes, using Binder, due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2018-9412

In removeUnsynchronization of ID3.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation...

Fedora 41 : llama-cpp (2024-89c69bb9d3)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-89c69bb9d3 advisory. Update to b3561 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

libproxy: sending more than 102400 bytes in PAC without a Content-Length present could result in buffer overflow

A vulnerability was found in libproxy, where a buffer overflow can occur if a server serving a PAC file sends more than 102400 bytes without a Content-Length header, this flaw allows an attacker to trigger an overflow of PACHTTPBLOCKSIZE 512 bytes, potentially leading to application crashes or...

Fedora: Security Advisory (FEDORA-2024-b07b0b41ec)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 40 : llama-cpp (2024-b07b0b41ec)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-b07b0b41ec advisory. Update to b3561 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

LLama cpp python binding < 0.2.88 Arbitrary Write Vulnerability

The version of llama.cpp installed on the remote host is prior to 0.2.88. It is, therefore, affected by an arbitrary write vulnerability. This vulnerability was combined with another arbitrary address read vulnerability to achieve RCE, demonstrating the significant impact of the vulnerability. No...

RHSA-2015:0660 Red Hat Security Advisory: qpid-cpp security and bug fix update

Bulletin has no description...

RHSA-2015:0662 Red Hat Security Advisory: qpid-cpp security and bug fix update

Bulletin has no description...

RHSA-2015:0661 Red Hat Security Advisory: qpid-cpp security and bug fix update

Bulletin has no description...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the rpctensor structure. An attacker can cause memory data leakage by exploiting the unsafe type member. PoC from pwn import ALLOCBUFFER = 0 GETALIGNMENT = 1 GETMAXSIZE = 2 BUFFERGETBASE = 3 FREEBUFFER = 4...

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-038)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.6.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-038 advisory. dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context du...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference through the ggufinitfromfile function. Remediation Upgrade llama-cpp to version b3542 or higher. References - GitHub Commit...

Important: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited...

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-655)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-655 advisory. dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann...

PT-2024-29284 · Llama.Cpp · Llama.Cpp

Name of the Vulnerable Software and Affected Versions: llama.cpp versions prior to b3427 Description: The issue is related to a null pointer dereference in the gguf init from file function. This problem is resolved in version b3427. Recommendations: For versions prior to b3427, update to version...

CVE-2024-4897

parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version llamacpppython-0.2.61+cpuavx2-cp311-cp311-manylinux231x8664. The vulnerability arises from the application's 'bindingzoo' feature, which allows attackers ...

CVE-2024-4897

parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version llamacpppython-0.2.61+cpuavx2-cp311-cp311-manylinux231x8664. The vulnerability arises from the application's 'bindingzoo' feature, which allows attackers ...

CVE-2024-4897 Remote Code Execution in parisneo/lollms-webui

parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version llamacpppython-0.2.61+cpuavx2-cp311-cp311-manylinux231x8664. The vulnerability arises from the application's 'bindingzoo' feature, which allows attackers ...