6043 matches found
Ollama Security Vulnerability
Ollama is an open-source tool for starting and running large language models locally. A security vulnerability exists in Ollama versions prior to 0.1.34, which stems from the CreateModelHandler function reading a file using os.Open, where the req.Path parameter can be controlled by th...
Foreman Information Disclosure Vulnerability
Foreman is an open source set of lifecycle management tools for physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. Foreman has an information disclosure vulnerability that stems from a vulnerability...
CVE-2024-39719
An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the...
kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create
A flaw was found in the Linux kernel in which a system crash can occur if there are certain errors establishing RPC-over-RDMA connections...
PT-2024-9415 · Ollama · Ollama
Name of the Vulnerable Software and Affected Versions: Ollama versions 0.3.14 and earlier
Description: The issue is related to the disclosure of system data to unauthorized individuals. It can be exploited by a remote attacker to cause a denial of service. The vulnerability allows file existence...
The vulnerability of the qedr component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the qedr component in the Linux operating system’s kernel is related to incorrect blocking in the qedr_create_user_qp() function. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2024-51506
Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description...
CVE-2024-51507
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name...
CVE-2024-51507
Tiki Wiki CMS Groupware
The vulnerability of the Authoring component of the Oracle Service Contracts platform, a part of the Oracle E-Business Suite, allows a perpetrator to gain unauthorized access to create, modify, and delete data.
The vulnerability of the Authoring component of the Oracle Service Contracts platform, a part of the Oracle E-Business Suite, is related to deficiencies in the authorization mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to create...
The vulnerability of the create_mute_led_cdev() function (sound/pci/hda/hda_generic.c) in the ALSA sound subsystem of the Linux operating system allows a hacker to exploit their privileges.
The vulnerability of the create_mute_led_cdev() function (sound/pci/hda/hda_generic.c) in the ALSA sound subsystem of the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges...
CVE-2022-49028 ixgbevf: Fix resource leak in ixgbevf_init_module()
In the Linux kernel, the following vulnerability has been resolved: ixgbevf: Fix resource leak in ixgbevf_init_module(). ixgbevf_init_module() won't destroy the workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Add destroy_workqueue() in fail path to prevent the resource leak...
CVE-2024-47677
In the Linux kernel, the following vulnerability has been resolved: exfat: resolve memory leak from exfat_create_upcase_table(). If exfat_load_upcase_table() reaches end and returns -EINVAL, allocated memory doesn't get freed and while exfat_load_default_upcase_table() allocates more memory, leading to a memory...
SUSE CVE-2023-26785
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed...
CVE-2024-10129
A vulnerability classified as critical has been found in HFO4 shudong-share up to 2.4.7. This affects an unknown part of the file /includes/createshare.php of the component Share Handler. The manipulation of the argument fkey leads to sql injection. It is possible to initiate the attack remotely...
PT-2024-16050 · Unknown · Hfo4 Shudong-Share
Name of the Vulnerable Software and Affected Versions: HFO4 shudong-share versions up to 2.4.7
Description: A critical vulnerability has been found in HFO4 shudong-share, affecting an unknown part of the file /includes/createshare.php of the component Share Handler. The manipulation of the...
shudong-share SQL Injection Vulnerability
shudong-share is a free and open source PHP extranet system by individual developer AaronLiu. A SQL injection vulnerability exists in shudong-share 2.4.7 and earlier versions, which originates from the parameter fkey in the file /includes/createshare.php of Share Handler, which can lead to SQL...
CVE-2023-26785
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed...