
2659 matches found

Vulnrichment
added 2023/08/05 12:00 a.m. · 15 views

CVE-2023-36095

An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt...

AI score: 7.7 · EPSS: 0.03155
Exploits: 1 · References: 3
CVE
added 2023/08/05 12:00 a.m. · 78 views

CVE-2023-36095

LangChain v0.0.194 is affected by a code-injection vulnerability (CVE-2023-36095) via the PALChain, enabling an attacker to execute arbitrary Python code through exec calls in from_math_prompt and from_colored_object_prompt. Reported impacts include high severity with potential full compromise; C...

CVSS: 9.8 · AI score: 9.6 · EPSS: 0.03155
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2023/08/05 12:00 a.m. · 14 views

CVE-2023-36095

An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt...

AI score: 9.9 · EPSS: 0.03155
Exploits: 1 · References: 3
NVD
added 2023/07/25 8:15 p.m. · 12 views

CVE-2022-46900

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to...

CVSS: 6.5 · AI score: 6.4 · EPSS: 0.00099
Exploits: 0 · References: 2
Prion
added 2023/07/25 8:15 p.m. · 10 views

Path traversal

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to...

CVSS: 4 · AI score: 6.4 · EPSS: 0.0013
Exploits: 0 · References: 2 · Affected Software: 2
Positive Technologies
added 2023/07/25 12:00 a.m. · 2 views

PT-2023-15101 · Vocera · Vocera Voice Server +2

Name of the Vulnerable Software and Affected Versions: Vocera Report Server and Voice Server versions 5.x through 5.8 Description: An issue was discovered in the software, allowing Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs executed on the server at...

CVSS: 9.8 · AI score: 6.9 · EPSS: 0.0013
Exploits: 0 · References: 6
Cvelist
added 2023/07/25 12:00 a.m. · 13 views

CVE-2022-46900

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to...

AI score: 6.6 · EPSS: 0.00099
Exploits: 0 · References: 2
CVE
added 2023/07/25 12:00 a.m. · 57 views

CVE-2022-46900

The CVE describes a Path Traversal vulnerability in Vocera Report Server/Voice Server 5.x–5.8. An authenticated user can modify task entries in the Vocera Report Console to alter the executable path and parameters, enabling potential unintended command execution. The exact exploitation steps, aff...

CVSS: 6.5 · AI score: 6.3 · EPSS: 0.00099
Exploits: 0 · References: 2 · Affected Software: 2
Vulnrichment
added 2023/07/25 12:00 a.m. · 7 views

CVE-2022-46900

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to...

AI score: 6.7 · EPSS: 0.00099
Exploits: 0 · References: 2
RedHat Linux
added 2023/07/18 8:33 a.m. · 2 views

kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events

The Linux kernel's Performance Events subsystem has a use-after-free flaw that occurs when a user triggers the perf_group_detach and remove_on_exec functions simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVSS: 7.8 · AI score: 6.7 · EPSS: 0.00016
Exploits: 0 · References: 5
RedHat Linux
added 2023/07/18 8:31 a.m. · 3 views

kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events

The Linux kernel's Performance Events subsystem has a use-after-free flaw that occurs when a user triggers the perf_group_detach and remove_on_exec functions simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVSS: 7.8 · AI score: 6.7 · EPSS: 0.00016
Exploits: 0 · References: 5
The Hacker News
added 2023/07/13 6:14 a.m. · 36 views

U.S. Government Agencies' Emails Compromised in China-Backed Cyber Attack

An unnamed Federal Civilian Executive Branch (FCEB) agency in the U.S. detected anomalous email activity in mid-June 2023, leading to Microsoft's discovery of a new China-linked espionage campaign targeting two dozen organizations. The details come from a joint cybersecurity advisory released by th...

AI score: 7
Exploits: 0
Packet Storm
added 2023/07/07 12:00 a.m. · 325 views

DaillyTools Remote Command Execution

Title: DaillyTools v1 command execution Vulnerability · Author: indoushka · Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 64.0.2 32-bit ...

AI score: 7.1
Exploits: 0
OSV
added 2023/07/06 3:30 p.m. · 0 views

GHSA-57FC-8Q82-GFP3 langchain vulnerable to arbitrary code execution

An issue in langchain allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method...

CVSS: 9.8 · AI score: 7.6 · EPSS: 0.11195
Exploits: 2 · References: 7
Github Security Blog
added 2023/07/06 3:30 p.m. · 30 views

langchain vulnerable to arbitrary code execution

An issue in langchain allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method...

CVSS: 9.8 · AI score: 7.8 · EPSS: 0.11195
Exploits: 2 · References: 7 · Affected Software: 1
NVD
added 2023/07/06 2:15 p.m. · 8 views

CVE-2023-36188

An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method...

CVSS: 9.8 · AI score: 9.6 · EPSS: 0.11195
Exploits: 2 · References: 2
OSV
added 2023/07/06 2:15 p.m. · 9 views

CVE-2023-36188

An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method...

CVSS: 9.8 · AI score: 8.1
Exploits: 0 · References: 2
Prion
added 2023/07/06 2:15 p.m. · 11 views

Security feature bypass

An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method...

CVSS: 7.5 · AI score: 9.7 · EPSS: 0.11195
Exploits: 2 · References: 2 · Affected Software: 1
PyPA
added 2023/07/06 2:15 p.m. · 5 views

PYSEC-2023-109

An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method...

CVSS: 9.8 · AI score: 8.1 · EPSS: 0.11195
Exploits: 2 · References: 2 · Affected Software: 1
CVE
added 2023/07/06 12:00 a.m. · 64 views

CVE-2023-36188

CVE-2023-36188 affects LangChain v0.0.64, enabling remote code execution via the PALChain parameter in Python exec. The issue stems from deserialization/execution pathways that process untrusted data and can lead to arbitrary code execution. Affected product: LangChain core library (v0.0.64); imp...

CVSS: 9.8 · AI score: 9.6 · EPSS: 0.11195
Exploits: 2 · References: 2 · Affected Software: 1