Lucene search
K

62 matches found

Positive Technologies
Positive Technologies
added 2024/07/06 12:0 a.m.9 views

PT-2024-37382 · Unknown · Mudler/Localai

Name of the Vulnerable Software and Affected Versions: mudler/localai versions 2.15.0 Description: A vulnerability in the "/models/apply" endpoint allows for Server-Side Request Forgery SSRF and partial Local File Inclusion LFI. The endpoint supports both https:// and file:// schemes, where the...

5.8CVSS5.7AI score0.02475EPSS
Exploits1References9
NVD
NVD
added 2024/06/26 3:15 a.m.28 views

CVE-2024-5181

A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by...

9.8CVSS0.02685EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/06/26 2:53 a.m.41 views

CVE-2024-5181 Command Injection in mudler/localai

A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by...

9.8CVSS0.02685EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/06/26 2:53 a.m.15 views

CVE-2024-5181 Command Injection in mudler/localai

A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by...

9.8CVSS7.7AI score0.02685EPSS
Exploits1References2
CVE
CVE
added 2024/06/26 2:53 a.m.67 views

CVE-2024-5181

CVE-2024-5181 – mudler/localai (v2.14.0) : A command injection flaw arises from how the backend parameter in the configuration file is used to name the initialized process, enabling an attacker to manipulate the path of the vulnerable binary and execute arbitrary code. The issue stems from improp...

9.8CVSS9.7AI score0.02685EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/06/26 2:53 a.m.16 views

CVE-2024-5181 Command Injection in mudler/localai

A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by...

9.8CVSS7.6AI score0.02685EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/06/20 12:30 a.m.21 views

LocalAI path traversal vulnerability

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory...

9.1CVSS6.8AI score0.25538EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2024/06/20 12:15 a.m.32 views

CVE-2024-5182

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory...

9.1CVSS0.25538EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/06/19 11:30 p.m.16 views

CVE-2024-5182 Path Traversal in mudler/localai

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory...

7.5CVSS6.8AI score0.25538EPSS
Exploits1References2
CVE
CVE
added 2024/06/19 11:30 p.m.60 views

CVE-2024-5182

CVE-2024-5182 describes a path traversal vulnerability in mudler/localai 2.14.0 where an attacker can exploit the manipulated, input-validated model parameter during the model deletion process to delete arbitrary files. The issue arises from insufficient input validation and sanitization of the m...

9.1CVSS8.3AI score0.25538EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/06/19 11:30 p.m.40 views

CVE-2024-5182 Path Traversal in mudler/localai

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory...

7.5CVSS0.25538EPSS
Exploits1References2
OSV
OSV
added 2024/06/19 11:30 p.m.17 views

CVE-2024-5182 Path Traversal in mudler/localai

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory...

7.5CVSS7.2AI score0.25538EPSS
Exploits1References4
OSV
OSV
added 2024/04/10 6:30 p.m.11 views

GHSA-WX43-G55G-2JF4 LocalAI Command Injection in audioToWav

A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...

9.8CVSS9.8AI score0.02879EPSS
Exploits1References4
NVD
NVD
added 2024/04/10 5:15 p.m.20 views

CVE-2024-2029

A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...

9.8CVSS9.8AI score0.02879EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/10 5:8 p.m.12 views

CVE-2024-2029 Command Injection in mudler/localai

A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...

9.8CVSS8AI score0.02879EPSS
Exploits1References2
OSV
OSV
added 2024/04/10 5:8 p.m.20 views

CVE-2024-2029 Command Injection in mudler/localai

A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...

9.8CVSS6.2AI score0.02879EPSS
Exploits1References4
CVE
CVE
added 2024/04/10 5:8 p.m.103 views

CVE-2024-2029

CVE-2024-2029 affects mudler/localai's TranscriptEndpoint.audioToWav. Root cause: unsanitized user filenames passed to ffmpeg via a shell command, enabling arbitrary command execution on the host. Impacts include unauthorized access and data breaches, contingent on process privileges. Connected d...

9.8CVSS9.7AI score0.02879EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/04/10 5:8 p.m.34 views

CVE-2024-2029 Command Injection in mudler/localai

A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...

9.8CVSS10AI score0.02879EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.4 views

PT-2024-18641 · Unknown · Mudler/Localai

Name of the Vulnerable Software and Affected Versions: mudler/localai versions prior to v2.10.0 Description: A command injection issue exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. T...

9.8CVSS9.9AI score0.02879EPSS
Exploits1References11
NVD
NVD
added 2024/04/01 7:15 p.m.11 views

CVE-2024-3135

A Cross-Site Request Forgery CSRF vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their consent. This vulnerability enables attackers ...

6.5CVSS6.5AI score0.00297EPSS
Exploits1References1
Rows per page
Query Builder