18 matches found
EUVD-2021-0886
Malware in sbrugna...
EUVD-2024-43834
Malicious code in bioql PyPI...
Denial Of Service (DoS)
litellm is vulnerable to Denial of Service (DoS). The vulnerability is due to the use of ast.literal_eval to parse user input, allowing an attacker to send specially crafted input that crashes the litellm Python server...
LiteLLM Resource Management Error Vulnerability
LiteLLM is a Berri AI open source application. All LLM APIs can be called using the OpenAI format. LiteLLM has a resource management error vulnerability that stems from insecure parsing of user input in ast.literal_eval, which can be exploited by an attacker to cause a denial of service...
CVE-2024-10188 Denial of Service in BerriAI/litellm
A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of ast.literal_eval to parse user input. This function is not safe and is prone to DoS attacks, which can crash the litellm Python server...
DEBIAN-CVE-2024-38559
In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure that the string is...
SUSE CVE-2023-29456
URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards...
CVE-2021-4235 Denial of service in gopkg.in/yaml.v2
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector...
materialize-css Cross-Site Scripting Vulnerability
materialize-css is a CSS framework based on Material Design. A security vulnerability exists in all versions of the materialize-css package that originates from user input being parsed as HTML/JavaScript and inserted into the Document Object Model (DOM), which can be exploited by an attacker to...
PT-2020-17121 · Dhowden · Dhowden
Name of the Vulnerable Software and Affected Versions: dhowden tag versions prior to 0.0.0-20201120070457-d52dcb253c63 Description: The issue is due to improper bounds checking in several methods, which can trigger a panic via readAtomData or readAPICFrame due to attempted out-of-bounds reads. If...
Barracuda SSL VPN 680Vx 2.3.3.193 Cross Site Scripting
Barracuda SSL VPN 680Vx 2.3.3.193 Multiple Script Injection Vulnerabilities Vendor: Barracuda Networks, Inc. Product web page: https://www.barracuda.com Affected version: 2.3.3.193, Model: V680 Summary: The Barracuda SSL VPN is a powerful plug-and-play appliance purpose-built to provide remote...
vtiger CRM 5.2.1 Multiple Remote Cross-Site Scripting Vulnerabilities
Summary: vtiger CRM is a free, full-featured, 100% Open Source CRM software ideal for small and medium businesses, with low-cost product support available to production users that need reliable support. Description: vtiger CRM suffers from an XSS vulnerability when parsing user input to the...
iManager Plugin 1.2.8 Cross Site Scripting
iManager Plugin v1.2.8 dir Remote Cross-Site Scripting Vulnerability Vendor: net4visions.com Product web page: http://www.net4visions.com Affected version: alert'zsl' http://SOMECMS/jscripts/tinymce/plugins/imanager/scripts/phpThumb/demo/phpThumb.demo.random.php?dir=alert'zsl'...
Sitemagic CMS 2010.04.17 Cross Site Scripting
Sitemagic CMS 2010.04.17 SMExt Remote Cross-Site Scripting Vulnerability Vendor: Sitemagic CMS Product web page: http://www.sitemagic.org Affected version: 2010.04.17 Summary: Sitemagic CMS is a fantastic new platform for building and maintaining great looking websites. It is very easy to set up...
docuFORM Mercury WebApp 6.16a / 5.20 Cross Site Scripting
docuFORM Mercury WebApp 6.16a Multiple Cross-Site Scripting Vulnerabilities function xss1document.forms"xss1".submit; function xss2document.forms"xss2".submit; alert1" / input type="hidden" name="aacfunc" value="...
Sitebuilder 1.4 - sitebuilder.cgi Directory Traversal
Sitebuilder 1.4 - sitebuilder.cgi Directory Traversal source: https://www.securityfocus.com/bid/8521/info Sitebuilder is said to be prone to a directory traversal vulnerability, potentially allowing users to disclose the contents of system files. The problem occurs due to the application failing ...
sap internet transaction server 4620.2.0.323011 build 46b.323011 - Directory Traversal
sap internet transaction server 4620.2.0.323011 build 46b.323011 - Directory Traversal source: https://www.securityfocus.com/bid/8516/info SAP is said to be prone to a directory traversal vulnerability, potentially allowing users to disclose the contents of sensitive files. The problem occurs due...
sap internet transaction server 4620.2.0.323011 build 46b.323011 - Directory Traversal
source: https://www.securityfocus.com/bid/8516/info SAP is said to be prone to a directory traversal vulnerability, potentially allowing users to disclose the contents of sensitive files. The problem occurs due to the application failing to parse user-supplied input for directory traversal...