11232 matches found
ALSA-2024:1902 Important: shim security update
The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Security Fixes: shim: RCE in http boot support may lead to Secure Boot bypass (CVE-2023-40547); shim: Integer overflow leads to heap buffer overflow in...
ALSA-2024:1903 Important: shim bug fix update
The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Security Fixes: shim: RCE in http boot support may lead to Secure Boot bypass (CVE-2023-40547); shim: Integer overflow leads to heap buffer overflow in...
Advisory ROSA-SA-2024-2402
Software: sysstat 11.7.3; OS: ROSA Virtualization 2.1; package_evr_string: sysstat-11.7.3-9.rv3; CVE-ID: CVE-2022-39377; BDU-ID: None; CVE-Crit: HIGH; CVE-DESC.: sysstat is a set of system performance enhancement tools for the Linux operating system. On 32-bit systems, allocate_structures contains a size_t...
RHEL 9 : shim (RHSA-2024:1835)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1835 advisory. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments...
RHEL 8 : shim (RHSA-2024:1834)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1834 advisory. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments...
Exploit for Improper Input Validation in Palo Alto Networks PAN-OS
CVE-2024-3400 Exploit Tool 🛠️ This Python script is designed...
Exploit for Improper Input Validation in Palo Alto Networks PAN-OS
Cyberspace Mapping Dork Fofa app="paloalto-GlobalProt...
Important: Red Hat Security Advisory: shim security update
An update for shim is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
Important: Red Hat Security Advisory: shim security update
An update for shim is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security...
Exploit for OS Command Injection in Issabel PBX
Issabel PBX 4.0.0 Remote Code Execution Authenticated - CVE-...
llama-index-core Command Injection vulnerability
A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by an LLM, to execute arbitrary code. This is achieved by...
CVE-2024-2912
An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is...
CVE-2024-1961 Path Traversal leading to Arbitrary File Write and RCE in vertaai/modeldb
vertaai/modeldb is vulnerable to a path traversal attack due to improper sanitization of user-supplied file paths in its file upload functionality. Attackers can exploit this vulnerability to write arbitrary files anywhere in the file system by manipulating the 'artifact_path' parameter. This flaw...
CVE-2024-3271 Command Injection in run-llama/llama_index
A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by an LLM, to execute arbitrary code. This is achieved by...
CVE-2024-1961
CVE-2024-1961 affects the open-source project vertaai/modeldb. The vulnerability is a path traversal flaw caused by improper sanitization of user-supplied file paths in the file upload flow, specifically in the NFSController.java and NFSService.java components. Attackers can manipulate the artifa...
CVE-2024-3271
CVE-2024-3271 affects the run-llama/llama_index project, specifically the safe_eval function. The issue allows command execution via crafted input that bypasses the underscore check in code produced by LLMs, enabling remote code execution on the server. Connected sources corroborate a command-inj...
CVE-2024-2912 Insecure Deserialization Leading to RCE in bentoml/bentoml
An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is...