All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
CVE-2024-24426 is a vulnerability in OpenAirInterface Magma v1.8.0 and OAI EPC Federation v1.2.0 where attackers can trigger reachable assertions (checks that crash the program if they fail) in the NGAP_FIND_PROTOCOLIE_BY_ID function by sending a specially crafted NGAP packet (a message used in cellular networks), causing a Denial of Service attack (making the service unavailable to legitimate users). The vulnerability has not yet received an official CVSS severity rating from NIST.
OpenAirInterface CN (a 5G network software) versions 2.0.0 and earlier contain a stack-based buffer overflow (a memory safety bug where data overflows allocated memory space) in a function that handles network messages, allowing remote attackers to crash the system or potentially run unauthorized code by sending specially crafted network packets. The vulnerability affects the N2 interface (the connection between radio access networks and the core network).
CVE-2024-24449 is a vulnerability in OpenAirInterface CN5G AMF (a 5G network component) up to version 2.0.0 where an uninitialized pointer dereference (using a pointer variable that hasn't been set to a valid memory address) in the NasPdu::NasPdu component can be exploited. An attacker can send a specially crafted InitialUEMessage to cause a Denial of Service (DoS, making the service unavailable to legitimate users).
A WordPress plugin called Sage AI (which provides chatbots, GPT-4 article generation, and image creation features) has a vulnerability (CVE-2024-52384) that allows unrestricted uploading of dangerous file types, enabling attackers to upload web shells (malicious scripts that give attackers control of a web server). This vulnerability affects all versions up to and including version 2.4.9.
CVE-2024-52383 is a missing authorization vulnerability (a flaw where the software fails to check if a user has permission to perform an action) in the KCT Ai Auto Tool Content Writing Assistant plugin for WordPress, affecting versions up to 2.1.2. This vulnerability allows attackers to exploit incorrectly configured access control (permission settings) to gain unauthorized access.
CVE-2024-21799 is a path traversal vulnerability (a bug where an attacker can access files outside intended directories) in Intel Extension for Transformers software versions before 1.5 that allows authenticated users (those with login access) to escalate their privileges through local access. The vulnerability has a CVSS score (severity rating) of 6.9, rated as medium severity.
Element is a messaging app web client that had a bug in versions before 1.11.85 where it didn't properly validate thumbnails (small preview images) for attachments, stickers, and images. This allowed attackers to add fake thumbnails that would trigger unwanted file downloads when users clicked on them.
This document provides an overview of how different European Union countries are implementing the EU AI Act, which is legislation regulating artificial intelligence systems. Most countries show unclear or partial progress in establishing the required authorities (government bodies responsible for oversight and enforcement), with some nations like Denmark and Finland having made more concrete arrangements for coordinating market surveillance (monitoring that AI systems follow the rules) and serving as single points of contact.
A Linux kernel vulnerability (CVE-2024-50182) affected memfd_secret(), a system call that creates secret memory regions hidden from the kernel's direct map (a lookup table for physical memory). On some ARM64 systems, the function appeared to work but silently failed to actually hide the memory, defeating its security purpose. The fix makes memfd_secret() return an error code (-ENOSYS) on systems that cannot properly remove memory from the direct map, rather than silently failing.
Gradio is an open-source Python package for building web applications, but versions before 5.5.0 have a vulnerability in the File and UploadButton components that allows attackers to read any files from the application server by exploiting path traversal (a technique where attackers use file paths like '../../../' to access files outside their intended directory). This happens when these components are used to preview file content.
Langflow version 1.0.18 and earlier has a remote code execution vulnerability (RCE, where an attacker can run commands on a system they don't own) because components with code functionality execute on the local machine instead of in a sandbox (an isolated environment that limits what code can access). This allows any component to potentially execute arbitrary code.
Gradio version 4.42.0 and earlier contain a server-side request forgery vulnerability (SSRF, a flaw where a server can be tricked into making requests to unintended targets) in the gr.DownloadButton function. The issue exists because the save_url_to_cache function doesn't validate URLs properly, allowing attackers to download local files and access sensitive information from the server.
Ollama before version 0.1.34 has a vulnerability where the CreateModelHandler function improperly reads user-controlled file paths without limits, allowing an attacker to specify a blocking file like /dev/random, which causes a goroutine (a lightweight process in Go) to run infinitely and consume resources even after the user cancels their request. This is a resource exhaustion (CWE-404: Improper Resource Shutdown or Release) issue that can disrupt service availability.
A vulnerability in Ollama before version 0.1.46 allows an attacker to crash the application by uploading a malformed GGUF file (a model format file) using two HTTP requests and then referencing it in a custom Modelfile. This causes a segmentation fault (a type of crash where the program tries to access memory it shouldn't), making the application unavailable.
Ollama versions through 0.3.14 have a vulnerability where the api/create endpoint leaks information about which files exist on the server. When someone calls the CreateModel route with a path that doesn't exist, the server returns an error message saying 'File does not exist', which allows attackers to probe the server's file system.
Fix: Update Intel Extension for Transformers to version 1.5 or later.
NVD/CVE DatabaseFix: Update Element Web and Desktop to version 1.11.85 or later. The fix is confirmed in element-web 1.11.85.
NVD/CVE DatabaseN/A -- The provided content is a GitHub navigation menu and marketing material, not a substantive article about the OWASP Top 10 for LLM Applications. No technical information, vulnerabilities, or security issues are described in the source text.
N/A -- The provided content is a navigation menu and header from a GitHub webpage about enterprise features and developer tools. It does not contain substantive information about the OWASP Top 10 for Large Language Model Applications or any AI/LLM security issues.
Fix: Return -ENOSYS from memfd_secret() syscall if !can_set_direct_map(). The patch disables the syscall on ARM64 systems with certain configuration options disabled (CONFIG_RODATA_FULL_DEFAULT_ENABLED=n, CONFIG_DEBUG_PAGEALLOC=n, and CONFIG_KFENCE=n) where the operation cannot work correctly.
NVD/CVE DatabaseFix: Upgrade to Gradio release version 5.5.0 or later. The source explicitly states: 'This issue has been addressed in release version 5.5.0 and all users are advised to upgrade.'
NVD/CVE DatabaseOllama before version 0.1.46 has a security flaw where attackers can use path traversal (a technique that manipulates file paths to access files outside their intended directory) in the api/push route to discover which files exist on the server. This allows an attacker to learn information about the server's file system that should be private.
Fix: Update Ollama to version 0.1.46 or later.
NVD/CVE DatabaseFix: Update Ollama to version 0.1.34 or later.
NVD/CVE DatabaseFix: Update Ollama to version 0.1.46 or later.
NVD/CVE DatabaseLangflow v1.0.12 contains a remote code execution vulnerability (RCE, where an attacker can run commands on a system they don't own) in its PythonCodeTool component. This flaw allows attackers to execute arbitrary code through the tool. The vulnerability was publicly disclosed in October 2024.
PyTorch versions 2.4.1 and earlier contain a vulnerability in RemoteModule that allows RCE (remote code execution, where an attacker can run commands on a system they don't own) through deserialization of untrusted data. However, multiple parties dispute whether this is actually a security flaw, arguing it is intended behavior in PyTorch's distributed computing features (tools for running AI computations across multiple machines).