47 matches found
ALPINE-CVE-2025-30189
When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...
CVE-2025-30189
When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...
EUVD-2025-34071
llama-index has Insecure Temporary File...
CVE-2025-7707 World-Writable NLTK Cache Directory Vulnerability in run-llama/llama_index
The llamaindex library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential denial of service, dat...
CVE-2025-7707
The CVE-2025-7707 entry concerns llama_index 0.12.33, where NLTK data directory is set to a subdirectory of the codebase, creating a world-writable shared cache and enabling local data tampering, DoS, or privilege escalation. Connected disclosures confirm the issue and point to fixes/upgrades: re...
PT-2025-41794
Name of the Vulnerable Software and Affected Versions llama index version 0.12.33 Description The software sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or...
EUVD-2014-0222
Malware in sbrugna...
EUVD-2023-34071
Malicious code in bioql PyPI...
CVE-2025-59936
get-jwks contains fetch utils for JWKS keys. In versions prior to 11.0.2, a vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mechanism. When the iss issuer claim is validated only after keys are retrieved from the cache, it is possible for cached keys from an...
CVE-2023-53254 cacheinfo: Fix shared_cpu_map to handle shared caches at different levels
In the Linux kernel, the following vulnerability has been resolved: cacheinfo: Fix sharedcpumap to handle shared caches at different levels The cacheinfo sets up the sharedcpumap by checking whether the caches with the same index are shared between CPUs. However, this will trigger...
CVE-2023-53254 cacheinfo: Fix shared_cpu_map to handle shared caches at different levels
In the Linux kernel, the following vulnerability has been resolved: cacheinfo: Fix sharedcpumap to handle shared caches at different levels The cacheinfo sets up the sharedcpumap by checking whether the caches with the same index are shared between CPUs. However, this will trigger...
CVE-2024-42483
ESP-NOW Component provides a connectionless Wi-Fi communication protocol. An replay attacks vulnerability was discovered in the implementation of the ESP-NOW because the caches is not differentiated by message types, it is a single, shared resource for all kinds of messages, whether they are...
CVE-2023-2597
In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache which is enabled by default in OpenJ9 builds the size of a string is not properly checked against the size of the buffer...
openSUSE: Security Advisory for java (SUSE-SU-2023:3305-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
UBUNTU-CVE-2023-20898
Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongfu...
SUSE CVE-2023-2597
In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache which is enabled by default in OpenJ9 builds the size of a string is not properly checked against the size of the buffer...
CVE-2023-2597
In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache which is enabled by default in OpenJ9 builds the size of a string is not properly checked against the size of the buffer...
CVE-2023-2597
In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache which is enabled by default in OpenJ9 builds the size of a string is not properly checked against the size of the buffer...
Buffer overflow
In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache which is enabled by default in OpenJ9 builds the size of a string is not properly checked against the size of the buffer...
CVE-2023-2597
In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache which is enabled by default in OpenJ9 builds the size of a string is not properly checked against the size of the buffer...