9.8
CVE-2024-5826 - Remote Code Execution via Prompt Injection in vanna-ai/vanna
In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the `exec` function in `src/vanna/base…
7.5
CVE-2024-5979 - Denial of Service via Invalid Argument in h2oai/h2o-3
In h2oai/h2o-3 version 3.46.0, the `run_tool` command in the `rapids` component allows the `main` function of any class under the `water.tools` namespace to be called. One such class, `MojoConvertTool`, crashes the server when invoked with an invalid argument, causing a denial of service.
9.9
CVE-2024-3330 - Spotfire Remote Code Execution Vulnerability
Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code. This requires human interaction from…
6.5
CVE-2024-3017 - Denial of service in multi-protocol gateway - Zigbee + Thread
In a Silicon Labs multi-protocol gateway, a corrupt pointer to buffered data on a multi-protocol radio co-processor (RCP) causes the OpenThread Border Router (OTBR) application task running on the host platform to crash, allowing an attacker to cause a temporary denial-of-service.
8.4
CVE-2024-4578 - Privilege escalation in Arista Wireless Access Points
This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the “config” user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to exploit…
7.5
CVE-2023-38370 - IBM Security Access Manager Docker information disclosure
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197.
5.5
CVE-2023-38368 - IBM Security Access Manager Docker information disclosure
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user due to improper permission controls. IBM X-Force ID: 261195.
7.8
CVE-2023-30997 - IBM Security Access Manager Docker privilege escalation
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254638.
7.8
CVE-2023-30998 - IBM Security Access Manager Docker privilege escalation
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254649.
7.5
CVE-2024-3043 - Zigbee co-ordinator realignment packet may lead to denial of service
An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification.