CVE-2024-11040

CVE-2024-11040 entry is rejected and not used; duplicate of CVE-2024-8939.

CVE-2025-0330 Exposure of Sensitive Information in berriai/litellm

In berriai/litellm version v1.52.1, an issue in proxyserver.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfusesecret and langfusepublickey, which can provide full access to the Langfuse...

Mobile Security Framework 安全漏洞

Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. It is used for penetration testing, malware analysis, and security assessments, and is capable of performing both static and dynamic analysis. A security vulnerability exists i...

PT-2025-5746 · Unknown · Mobile Security Framework

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions prior to 4.3.1 Description: The issue arises when an attacker manually modifies the CFBundleIdentifier value in the Info.plist file by adding special characters, which are not allowed according to...

Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2024-014)

The version of postgresql installed on the remote host is prior to 14.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL14-2024-014 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change...

Amazon Linux 2 : postgresql (ALASPOSTGRESQL13-2024-008)

The version of postgresql installed on the remote host is prior to 13.17-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL13-2024-008 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change...

Amazon Linux 2023 : postgresql15, postgresql15-contrib, postgresql15-llvmjit (ALAS2023-2024-787)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-787 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction...

Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.97 Fixed CVEs: CVE-2024-52316: If the Jakarta Authentication fails with an exception, set a 500 status bsc1233434 Catalina Add: Add support for the new Servlet API method HttpServletResponse.sendEarlyHints. markt Add: 55470:...

CBL Mariner 2.0 Security Update: postgresql (CVE-2024-10977)

The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10977 advisory. - Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS...

CVE-2024-10977

A flaw was found in PostgreSQL's error message handling. This vulnerability allows a Man-in-the-middle attacker to inject arbitrary non-NUL bytes into the libpq application via a server error message. Mitigation Make sure PostgreSQL is configured to use trusted SSL or GSS settings to prevent...

AZL-53195 CVE-2024-10977 affecting package postgresql for versions less than 14.14-1

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...

CVE-2024-10977

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...

CVE-2024-10977

CVE-2024-10977 affects PostgreSQL libpq by allowing a server to send an error message that, when the client is not trusting SSL/GSS settings, can reveal arbitrary non-NUL bytes to the client (e.g., psql). Affected products/versions include PostgreSQL before the fixed point: 17.1 and older branche...

CVE-2024-10977

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...

PostgreSQL 安全漏洞

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL that stems from...

CVE-2024-39719

An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the...

Hotfix XS82ECU1074 - For Citrix Hypervisor 8.2 Cumulative Update 1

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2 Cumulative Update 1. Note: This hotfix is available only to customers on theCustomer Success Servicesprogram. Where To Get This Hotfix Download Citrix Hypervisor 8.2 Cumulative Update 1 hotfixes from...

Siemens SIMATIC 代码问题漏洞

SIMATIC CP 1242 and CP 1243 associated processors connect SIMATIC S7-1200 controllers to a wide area network WAN. They provide integrated security features such as firewalls, virtual private networks VPNs, and support for other data encryption protocols.SIMATIC HMI Panels are used for operator...

Director “Cannot retrieve the data” for License Server

In Director see error “Cannot retrieve the data” for License Server. In event log see of Director Server there is this event. There was no endpoint listening at https://LicenseServerFQDN:8083//slsunauth/services/sls that could accept the message. This is often caused by an incorrect address or SO...

CVE-2024-30125

HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die...