6043 matches found

CNNVD
added 2024/10/31 12:0 a.m. · 5 views

Ollama security vulnerability

Ollama is an open source tool for starting and running large language models locally. A security vulnerability exists in Ollama versions prior to 0.1.34, which stems from the CreateModelHandler function reading a file using os.Open, where the req.Path parameter can be controlled by th...

CVSS 7.5 · AI score 8.8 · EPSS 0.02683
Exploits 1 · References 3
CNNVD
added 2024/10/31 12:0 a.m. · 2 views

Foreman information disclosure vulnerability

Foreman is the Foreman project's open source set of lifecycle management tools for physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. Foreman has an information disclosure vulnerability that stems from a vulnerability...

CVSS 6.3 · AI score 7 · EPSS 0.00436
Exploits 0 · References 3
Cvelist
added 2024/10/31 12:0 a.m. · 45 views

CVE-2024-39719

An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the...

EPSS 0.04237
Exploits 2 · References 1
RedHat Linux
added 2024/10/30 12:40 a.m. · 3 views

kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create

A flaw was found in the Linux kernel in which a system crash can occur if there are certain errors establishing RPC-over-RDMA connections...

CVSS 5.5 · AI score 7.2 · EPSS 0.0025
Exploits 0 · References 5
Positive Technologies
added 2024/10/30 12:0 a.m. · 5 views

PT-2024-9415 · Ollama · Ollama

Name of the Vulnerable Software and Affected Versions: Ollama versions 0.3.14 and earlier. Description: The issue is related to the disclosure of system data to unauthorized individuals. It can be exploited by a remote attacker to cause a denial of service. The vulnerability allows file existence...

CVSS 7.8 · AI score 9.2 · EPSS 0.04237
Exploits 2 · References 16
BDU FSTEC
added 2024/10/29 12:0 a.m. · 5 views

The vulnerability of the qedr component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the qedr component in the Linux operating system’s kernel is related to incorrect blocking in the qedr_create_user_qp function. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 · AI score 6.5 · EPSS 0.00242
Exploits 0 · References 34 · Affected Software 6
NVD
added 2024/10/28 11:15 p.m. · 19 views

CVE-2024-51506

Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description...

CVSS 4.8 · EPSS 0.00215
Exploits 0 · References 2
NVD
added 2024/10/28 11:15 p.m. · 16 views

CVE-2024-51507

Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name...

CVSS 4.8 · EPSS 0.00236
Exploits 0 · References 2
Vulnrichment
added 2024/10/28 12:0 a.m. · 16 views

CVE-2024-51506

Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description...

AI score 5.8 · EPSS 0.00215
Exploits 0 · References 2
Cvelist
added 2024/10/28 12:0 a.m. · 15 views

CVE-2024-51506

Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description...

EPSS 0.00215
Exploits 0 · References 2
CVE
added 2024/10/28 12:0 a.m. · 54 views

CVE-2024-51507

Tiki Wiki CMS Groupware

CVSS 4.8 · AI score 5.9 · EPSS 0.00236
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2024/10/23 12:0 a.m. · 6 views

The vulnerability of the Authoring component of the Oracle Service Contracts platform, a part of the Oracle E-Business Suite, allows a perpetrator to gain unauthorized access to create, modify, and delete data.

The vulnerability of the Authoring component of the Oracle Service Contracts platform, a part of the Oracle E-Business Suite, is related to deficiencies in the authorization mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to create...

CVSS 8.5 · AI score 7.6 · EPSS 0.00435
Exploits 0 · References 4 · Affected Software 2
BDU FSTEC
added 2024/10/23 12:0 a.m. · 4 views

The vulnerability of the create_mute_led_cdev() function (sound/pci/hda/hda_generic.c) in the ALSA sound subsystem of the Linux operating system allows a hacker to escalate their privileges.

The vulnerability of the create_mute_led_cdev() function (sound/pci/hda/hda_generic.c) in the ALSA sound subsystem of the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges...

CVSS 7.8 · AI score 6.1 · EPSS 0.00234
Exploits 0 · References 17 · Affected Software 10
Vulnrichment
added 2024/10/21 8:6 p.m. · 23 views

CVE-2022-49028 ixgbevf: Fix resource leak in ixgbevf_init_module()

In the Linux kernel, the following vulnerability has been resolved: ixgbevf: Fix resource leak in ixgbevf_init_module(). ixgbevf_init_module() won't destroy the workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Add destroy_workqueue() in fail path to prevent the resource leak...

AI score 7.1 · EPSS 0.00245
Exploits 0 · References 4
Debian CVE
added 2024/10/21 11:53 a.m. · 9 views

CVE-2024-47677

In the Linux kernel, the following vulnerability has been resolved: exfat: resolve memory leak from exfat_create_upcase_table(). If exfat_load_upcase_table() reaches end and returns -EINVAL, allocated memory doesn't get freed and while exfat_load_default_upcase_table() allocates more memory, leading to a memory...

CVSS 5.5 · AI score 5.7 · EPSS 0.00233
Exploits 0
SUSE CVE
added 2024/10/19 10:37 a.m. · 3 views

SUSE CVE-2023-26785

MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed...

CVSS 9.8 · AI score 8.7 · EPSS 0.02098
Exploits 2 · References 3
OSV
added 2024/10/18 10:15 p.m. · 4 views

CVE-2024-10129

A vulnerability classified as critical has been found in HFO4 shudong-share up to 2.4.7. This affects an unknown part of the file /includes/createshare.php of the component Share Handler. The manipulation of the argument fkey leads to SQL injection. It is possible to initiate the attack remotely...

CVSS 6.5 · AI score 5.6 · EPSS 0.0045
Exploits 1 · References 4
Positive Technologies
added 2024/10/18 12:0 a.m. · 6 views

PT-2024-16050 · Unknown · Hfo4 Shudong-Share

Name of the Vulnerable Software and Affected Versions: HFO4 shudong-share versions up to 2.4.7. Description: A critical vulnerability has been found in HFO4 shudong-share, affecting an unknown part of the file /includes/create share.php of the component Share Handler. The manipulation of the...

CVSS 6.5 · AI score 7.1 · EPSS 0.0045
Exploits 1 · References 9
CNNVD
added 2024/10/18 12:0 a.m. · 3 views

shudong-share SQL injection vulnerability

shudong-share is a free and open source PHP extranet system by the individual developer AaronLiu. A SQL injection vulnerability exists in shudong-share 2.4.7 and earlier versions, which originates from the parameter fkey in the file /includes/createshare.php of Share Handler, which can lead to SQL...

CVSS 6.5 · AI score 7 · EPSS 0.0045
Exploits 1 · References 5
ATTACKERKB
added 2024/10/17 10:15 p.m. · 4 views

CVE-2023-26785

MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed...

CVSS 9.8 · AI score 6.7 · EPSS 0.02098
Exploits 2 · References 3