PT-2023-25472 · Langchain · Langchain
Name of the Vulnerable Software and Affected Versions: langchain version 0.0.64. Description: The issue allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method. This enables the attacker to run malicious code, potentially leading to system compromise...
CVE-2023-36188
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method...
LangChain Injection Vulnerability
LangChain is used to build applications using LLMs through composability. A security vulnerability in LangChain version v.0.0.64 allows an attacker to execute arbitrary code via the PALChain parameter in the Python exec method...
CVE-2023-27198
PAX A930 device with PayDroid7.1.1VirgoV04.5.0220220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. The attacker must have physical USB access to the device in order to exploit this vulnerability...
PAX Technology A930 Operating System Command Injection Vulnerability
PAX Technology A930 is an Android mobile payment terminal from PAX Technology China. A security vulnerability exists in PAX Technology A930 version PayDroid7.1.1VirgoV04.5.0220220722, which allows arbitrary commands to be executed by using the exec service and including...
PYSEC-2023-98
An issue in langchain v.0.0.199 allows an attacker to execute arbitrary code via the PALChain in the python exec method...
CVE-2023-36258
An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used...
PT-2023-25499 · Langchain · Langchain
Name of the Vulnerable Software and Affected Versions: LangChain versions prior to 0.0.236. Description: The issue allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used. This is possible via the PALChain in the python exec method. Recommendation...
LangChain Security Vulnerability
LangChain is used to build applications using LLMs through composability. A security vulnerability in LangChain version v.0.0.199 allows an attacker to execute arbitrary code via PALChain in the python exec method...
Apache Airflow ODBC Provider Remote Code Execution Vulnerability
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. A remote code execution vulnerability exists in the Apache Airflow ODBC Provider, which can be exploited by an attacker to cause command execution...
CVE-2023-21517
The CVE-2023-21517 entry corresponds to a heap out-of-bounds write in Exynos baseband prior to Samsung SMR Jun-2023 Release 1, enabling a remote attacker to execute arbitrary code. Connected PT-2023-18273 and related sources confirm the affected software is Exynos baseband versions prior to SMR J...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via the fetchTagsbranch API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec Node.js child process API. PoC...
kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events
The Linux kernel's Performance Events subsystem has a use-after-free flaw that occurs when a user triggers the perf_group_detach and remove_on_exec functions simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system...
CVE-2023-35042
GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime.exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version...
PT-2023-3740 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer 2, affected versions not specified. Description: The issue is related to insufficient input validation in the java.lang.Runtime.getRuntime.exec function of the GeoServer software, which can allow remote attackers to execute arbitrary...
VulnCheck KEV: CVE-2023-35042
GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime.exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version...