4786 matches found

Github Security Blog
added 2024/10/11 3:30 p.m.

Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py

A path traversal vulnerability exists in the ParisNeo/lollms repository, specifically in the lollms_file_system.py file. The functions add_rag_database, toggle_mount_rag_database, and vectorize_folder do not implement security measures such as sanitize_path_from_endpoint or sanitize_path. This allows an...

CVSS 4.4 | AI score 6.8 | EPSS 0.00027
Exploits 1 | References 4 | Affected Software 1
OSV
added 2024/10/11 3:30 p.m.

GHSA-7PGR-32FX-C6X9 Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py

A path traversal vulnerability exists in the ParisNeo/lollms repository, specifically in the lollms_file_system.py file. The functions add_rag_database, toggle_mount_rag_database, and vectorize_folder do not implement security measures such as sanitize_path_from_endpoint or sanitize_path. This allows an...

CVSS 4.6 | AI score 3.8 | EPSS 0.00027
Exploits 1 | References 4
NVD
added 2024/10/11 1:15 p.m.

CVE-2024-6971

A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the lollms_file_system.py file. The functions add_rag_database, toggle_mount_rag_database, and vectorize_folder do not implement security measures such as sanitize_path_from_endpoint or sanitize_path. This allows a...

CVSS 4.4 | EPSS 0.00027
Exploits 1 | References 1
OSV
added 2024/10/11 1:15 p.m.

CVE-2024-6971

A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the lollms_file_system.py file. The functions add_rag_database, toggle_mount_rag_database, and vectorize_folder do not implement security measures such as sanitize_path_from_endpoint or sanitize_path. This allows a...

CVSS 4.4 | AI score 3.6 | EPSS 0.00027
Exploits 1 | References 1
CVE
added 2024/10/11 12:14 p.m.

CVE-2024-6971

CVE-2024-6971 describes a path traversal in the ParisNeo/lollms-webui project where functions in lollms_file_system.py (add_rag_database, toggle_mount_rag_database, vectorize_folder) do not sanitize paths, allowing an attacker to vectorize arbitrary .sqlite files on a victim’s machine. This can e...

CVSS 4.4 | AI score 3.8 | EPSS 0.00027
Exploits 1 | References 1 | Affected Software 1
Vulnrichment
added 2024/10/11 12:14 p.m.

CVE-2024-6971 Path Traversal in parisneo/lollms-webui

A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the lollms_file_system.py file. The functions add_rag_database, toggle_mount_rag_database, and vectorize_folder do not implement security measures such as sanitize_path_from_endpoint or sanitize_path. This allows a...

CVSS 3.4 | AI score 4 | EPSS 0.00027
Exploits 1 | References 1
CNNVD
added 2024/10/11 12:00 a.m.

LoLLMs path traversal vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. LoLLMs suffers from a path traversal vulnerability that originates from allowing an attacker to perform vectorization operations on .sqlite files in any directory on the victim's computer, whic...

CVSS 4.4 | AI score 4.3 | EPSS 0.00027
Exploits 1 | References 2
F5 Networks
added 2024/10/10 2:40 a.m.

K000141402: SQLite vulnerabilities CVE-2018-20506, CVE-2018-20505, CVE-2018-20346, CVE-2015-5895, CVE-2015-3717

Security Advisory Description CVE-2018-20506 SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow and resultant buffer overflow for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute...

CVSS 10 | AI score 8.1 | EPSS 0.19371
Exploits 2
IBM Security Bulletins
added 2024/10/08 10:11 a.m.

Security Bulletin: A vulnerability in SQLite affects IBM Tivoli Composite Application Manager for Transactions (Response Time)

Summary SQLite SQLite3 is used by IBM Tivoli Composite Application Manager for Transactions Response Time Vulnerability Details CVEID:CVE-2024-0232 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by a heap use-after-free flaw in the jsonParseAddNodeArray function in sqlite3.c. By...

CVSS 5.5 | AI score 7.1 | EPSS 0.00018
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2024/10/07 3:19 p.m.

Security Bulletin: A vulnerability in SQLite affects IBM Tivoli Composite Application Manager for Transactions (Response Time)

Summary SQLite SQLite3 is used by IBM Tivoli Composite Application Manager for Transactions Response Time Vulnerability Details CVEID:CVE-2023-7104 DESCRIPTION: SQLite SQLite3 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the sessionReadRecord function in...

CVSS 7.3 | AI score 7.7 | EPSS 0.00133
Exploits 1 | Affected Software 1
Tenable Nessus
added 2024/09/30 12:00 a.m.

FreeBSD : sqlite -- use-after-free bug in jsonParseAddNodeArray (42ec2207-7e85-11ef-89a4-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 42ec2207-7e85-11ef-89a4-b42e991fc52e advisory. [email protected] reports: A heap use-after-free issue has been identified in SQLite in the...

CVSS 5.5 | AI score 6.3 | EPSS 0.00018
Exploits 1 | References 3
Veracode
added 2024/09/27 7:03 a.m.

Heap Buffer Overflow

sqlite-vec is vulnerable to a heap buffer overflow. The vulnerability is due to improper handling of memory allocation in the npy_token_next function, which allows for a heap buffer overflow when processing certain crafted files...

CVSS 9.1 | AI score 7.5 | EPSS 0.00141
Exploits 2 | References 4 | Affected Software 9
OSV
added 2024/09/25 6:31 p.m.

GHSA-VRCX-GX3G-J3H8 Heap-based Buffer Overflow in sqlite-vec

sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file...

CVSS 9.1 | AI score 6.1 | EPSS 0.00141
Exploits 2 | References 6
Github Security Blog
added 2024/09/25 6:31 p.m.

Heap-based Buffer Overflow in sqlite-vec

sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file...

CVSS 9.1 | AI score 7.5 | EPSS 0.00141
Exploits 2 | References 5 | Affected Software 1
vulnersOsv
added 2024/09/25 6:31 p.m.

datasette-sqlite-vec (>=0.1.1 <=0.1.10a3), memorylayer-server (>=0.0.3 <=0.0.5) +2 more potentially affected by CVE-2024-46488 via sqlite-vec (>=0.1.1 <=0.1.2a9)

sqlite-vec (PyPI) version =0.1.1, =0.1.1, =0.0.3, =0.1.1, =0.1.10a3; zf-memician =0.1.3. Source CVEs: CVE-2024-46488. Source advisory: OSV:GHSA-VRCX-GX3G-J3H8...

CVSS 9.1 | AI score 5.8 | EPSS 0.00141
Exploits 2
NVD
added 2024/09/25 6:15 p.m.

CVE-2024-46488

sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file...

CVSS 9.1 | EPSS 0.00141
Exploits 2 | References 1
OSV
added 2024/09/25 6:15 p.m.

CVE-2024-46488

sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file...

CVSS 5.5 | AI score 6.1 | EPSS 0.00141
Exploits 2 | References 1
NVD
added 2024/09/25 1:15 a.m.

CVE-2024-8877

Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data. This issue affects Netman 204: through 4.05...

CVSS 9.8 | EPSS 0.83804
Exploits 2 | References 2
OSV
added 2024/09/25 1:15 a.m.

CVE-2024-8877

Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data. This issue affects Netman 204: through 4.05...

CVSS 9.8 | AI score 5.8
Exploits 0 | References 2
Cvelist
added 2024/09/25 12:00 a.m.

CVE-2024-46488

sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file...

EPSS 0.00141
Exploits 2 | References 1