Svi - CERT CVE

Rezultati pretraživanja za 'Od datuma: 27.12.2024.'

ID CVSS Sažetak Zadnje ažurirano Objavljeno
CVE-2024-11031 7.7 In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability exists in the Markdown_Translate.get_files_from_everything() API. This vulnerability is exploited through the HotReload(Markdown翻译中) plugin function, whi 2025-03-20 10:15:22 2025-03-20 10:15:22
CVE-2024-10986 8.8 GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vulnerability through its HotReload function. This function can download and extract tar.gz files from arxiv.org. Despite implementing protections against path traversal, the applicat 2025-03-20 10:15:22 2025-03-20 10:15:22
CVE-2024-10956 7.6 GPT Academy version 3.83 in the binary-husky/gpt_academic repository is vulnerable to Cross-Site WebSocket Hijacking (CSWSH). This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and the server 2025-03-20 10:15:22 2025-03-20 10:15:22
CVE-2024-10955 6.5 A Regular Expression Denial of Service (ReDoS) vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern `r'<[^>]+>'` to parse user input. In Python's default regex engine, this pattern can take polyn 2025-03-20 10:15:22 2025-03-20 10:15:22
CVE-2024-10954 8.8 In the `manim` plugin of binary-husky/gpt_academic, versions prior to the fix, a vulnerability exists due to improper handling of user-provided prompts. The root cause is the execution of untrusted code generated by the LLM without a proper sandbox. 2025-03-20 10:15:22 2025-03-20 10:15:22
CVE-2024-10950 8.8 In binary-husky/gpt_academic version <= 3.83, the plugin `CodeInterpreter` is vulnerable to code injection caused by prompt injection. The root cause is the execution of user-provided prompts that generate untrusted code without a sandbox, allowing t 2025-03-20 10:15:22 2025-03-20 10:15:22
CVE-2024-10940 5.3 A vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,<0.2.43, and >=0.3.0,<0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchain_core.prompts.ImagePro 2025-03-20 10:15:21 2025-03-20 10:15:21
CVE-2024-10935 7.5 automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with ar 2025-03-20 10:15:21 2025-03-20 10:15:21
CVE-2024-10912 7.5 A Denial of Service (DoS) vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by 2025-03-20 10:15:21 2025-03-20 10:15:21
CVE-2024-10908 6.1 An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and cred 2025-03-20 10:15:21 2025-03-20 10:15:21
ID CVSS Sažetak Zadnje ažurirano Objavljeno
CVE-2018-4451 9.3 This issue is fixed in macOS Mojave 10.14. A memory corruption issue was addressed with improved input validation. 2020-10-30 02:01:00 2020-10-27 20:15:00
CVE-2019-8712 10.0 A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with system privileges. 2021-07-21 11:39:00 2020-10-27 20:15:00
CVE-2019-8709 9.3 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. An application may be abl 2021-07-21 11:39:00 2020-10-27 20:15:00
CVE-2019-8824 9.3 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with kernel privileges 2021-07-21 11:39:00 2020-10-27 20:15:00
CVE-2018-4452 9.3 A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Se 2020-10-30 02:00:00 2020-10-27 20:15:00
CVE-2019-8716 10.0 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with system privileges. 2021-07-21 11:39:00 2020-10-27 20:15:00
CVE-2019-8836 9.3 A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges. 2021-07-21 11:39:00 2020-10-27 20:15:00
CVE-2019-8740 9.3 A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 13.1 and iPadOS 13.1, watchOS 6, tvOS 13. An application may be able to execute arbitrary code with kernel privileges. 2021-07-21 11:39:00 2020-10-27 20:15:00
CVE-2020-27976 10.0 osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option. 2020-10-29 23:35:00 2020-10-28 15:15:00
CVE-2019-8539 9.3 A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. A malicious application may be able to execute arbitrary co 2020-10-30 15:13:00 2020-10-27 20:15:00
Stranica
/2377
Zapisa po stranici: