7Resp4Ss

**Name of the Vulnerable Software and Affected Versions** Github Copilot (affected versions not specified) **Description** A command injection issue exists in Github Copilot. This allows a remote, unauthorized attacker to execute code over a network. The issue is related to a failure to sanitize data at the management level. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Upsonic versions up to 0.55.6 **Description** A critical vulnerability was found in Upsonic, affecting the `os.path.join` function in the `markdown/server.py` file. The manipulation of the `file.filename` argument leads to path traversal. The exploit has been disclosed to the public and may be used. **Recommendations** For versions up to 0.55.6, consider restricting access to the `os.path.join` function in the `markdown/server.py` file to minimize the risk of exploitation. As a temporary workaround, avoid using the `file.filename` argument in the affected function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA Triton Inference Server (affected versions not specified) **Description** The issue is related to an integer overflow or wraparound error in the model loading API. This can be triggered by loading a model with an extra-large file size, potentially leading to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** llama.cpp versions prior to b3561 **Description** The issue is related to the `rpc tensor` structure in llama.cpp, which provides LLM inference in C/C++. The unsafe `data` pointer member can cause arbitrary address writing, potentially leading to remote code execution if exploited. Millions of devices may be exposed to this risk. **Recommendations** For versions prior to b3561, update the library to b3561 or later to fix the vulnerability. As a temporary workaround, consider restricting access to the `rpc tensor` structure or disabling the `data` pointer member until a patch is available.

**Name of the Vulnerable Software and Affected Versions** llama.cpp version b3561 and earlier **Description** The issue arises from the unsafe `type` member in the `rpc tensor` structure, which can cause a `global-buffer-overflow`. This may lead to memory data leakage. **Recommendations** For versions prior to b3561, update to b3561 or later to resolve the issue. As a temporary workaround, consider restricting access to the `rpc tensor` structure until a patch is available.

**Name of the Vulnerable Software and Affected Versions** llama.cpp versions prior to b3561 **Description** The issue is related to the `rpc tensor` structure in llama.cpp, which provides LLM inference in C/C++. The `data` pointer member in this structure is unsafe, allowing for arbitrary address reading. **Recommendations** For versions prior to b3561, update to b3561 or later to resolve the issue. As a temporary workaround, consider restricting access to the `rpc tensor` structure to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** radare2 versions prior to 5.9.0 **Description** The issue is a Heap-based Buffer Overflow in the GitHub repository radareorg/radare2. **Recommendations** For versions prior to 5.9.0, update to version 5.9.0 or later to resolve the issue.