CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-4078 – Arbitrary Code Execution in parisneo/lollms
https://notcve.org/view.php?id=CVE-2024-4078
A vulnerability in the parisneo/lollms, specifically in the `/unInstall_binding` endpoint, allows for arbitrary code execution due to insufficient sanitization of user input. • https://github.com/parisneo/lollms/commit/7ebe08da7e0026b155af4f7be1d6417bc64cf02f https://huntr.com/bounties/a55a8c04-df44-49b2-bcfa-2a2b728a299d • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-4181 – Command Injection in run-llama/llama_index
https://notcve.org/view.php?id=CVE-2024-4181
A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised LLM hosting provider to execute arbitrary commands on the client's machine. This issue was fixed in version 0.10.13. The exploitation of this vulnerability could lead to a hosting provider gaining full control over client machines. Existe una vulnerabilidad de inyección de comandos en la clase RunGptLLM de la librería llama_index, versión 0.9.47, utilizada por el marco RunGpt de JinaAI para conectarse a los modelos de aprendizaje de idiomas (LLM). • https://github.com/run-llama/llama_index/commit/d73715eaf0642705583e7897c78b9c8dd2d3a7ba https://huntr.com/bounties/1a204520-598a-434e-b13d-0d34f2a5ddc1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30295 – When Animate parses FLA files, there is a UAF vulnerability caused by referencing uninitialized memory at Animate.exe+0x1149dcf
https://notcve.org/view.php?id=CVE-2024-30295
Animate versions 24.0.2, 23.0.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/animate/apsb24-36.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30296 – When Animate parses FLA files, there is an out-of-bounds write vulnerability at animate+0x123df28
https://notcve.org/view.php?id=CVE-2024-30296
Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/animate/apsb24-36.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30294 – Adobe Animate OGG File Parsing Heap Memory Corruption remote code execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30294
Animate versions 24.0.2, 23.0.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/animate/apsb24-36.html • CWE-122: Heap-based Buffer Overflow •