38 matches found
Undefined Behavior
mlflow is vulnerable to Undefined Behavior. The vulnerability is due to inadequate validation of model names, which allows an attacker to create multiple models with the same name, leading to potential Denial of Service DoS and data model poisoning...
CVE-2024-3099
A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service DoS as an authenticated user might not be able to use the intended model, as it will open a different model each time...
CVE-2024-2997
A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Category Name/Model Name/Brand Name/Unit Name leads to cross site scripting...
rubygem-globalid: ReDoS vulnerability
A flaw was found in rubygem-globalid. RubyGem’s GlobalID gem is vulnerable to a denial of service issue caused by a regular expression denial of service ReDoS flaw in the model name parsing. By sending a specially-crafted regex input, a remote attacker can cause a denial of service...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in uri/gid.rb, when parsing modelname values. NOTE: A patch has been released to address this issue: 1-0-model-name-redos.patch Details Denial of Service DoS describes a family of attacks, all...
GHSA-23C2-GWP5-PXW9 ReDoS based DoS vulnerability in GlobalID
There is a ReDoS based DoS vulnerability in the GlobalID gem. This vulnerability has been assigned the CVE identifier CVE-2023-22799. Versions Affected: = 0.2.1 Not affected: NOTAFFECTED Fixed Versions: 1.0.1 Impact There is a possible DoS vulnerability in the model name parsing section of the...
ReDoS based DoS vulnerability in GlobalID
There is a ReDoS based DoS vulnerability in the GlobalID gem. This vulnerability has been assigned the CVE identifier CVE-2023-22799. Versions Affected: = 0.2.1 Not affected: 0.2.1 Fixed Versions: 1.0.1 Impact There is a possible DoS vulnerability in the model name parsing section of the GlobalID...
BACnet Scanner
Discover BACnet devices by broadcasting Who-is message, then poll discovered devices for properties including model name, software version, firmware revision and description. Module Options msf use auxiliary/scanner/scada/bacnetl3 msf auxiliarybacnetl3 show actions ...actions... msf...
The vulnerability of Moxa EDR-810 microcontroller software lies in the lack of protection for service data. This allows attackers to disclose sensitive information such as the LAN IP address, model name, MAC address, subnet mask, and server configuration settings.
The vulnerability of Moxa EDR-810 microcontroller-based software lies in the lack of protection for operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose sensitive information such as the LAN IP address, model name, MAC address, subnet mask, and...
CVE-2018-19073
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName,...
NuCom NC-WR644GACV Unauthenticated Configuration File Download
Overview ======== Researchers of NVEL4 Cybersecurity company have discovered that it is possible to access to the config file bypassing admin authentication and authorization. The vulnerability has been reported to the vendor. The vendor has confirmed the vulnerability but not issued to security...
Sonos Device/OS/App Detection (UPnP, TCP)
UPnP based detection of Sonos devices, Sonos OS and application. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Design/Logic Flaw
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'modelname' or 'macaddress'...
CVE-2018-7233
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'modelname' or 'macaddress'...
Foscam camera remote command injection vulnerability
Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly through WIFI. Foscam camera has a remote command injection vulnerability in the modelName in the /mnt/mtd/app/config/ProductConfig.xml file. By installing the ProductConfig.xml file in...
Ruby on Rails ActiveModel::Name Remote Denial of Service Vulnerability
Ruby on Rails is a web application framework , built on top of the Ruby language . A security vulnerability in Rails ActiveModel::Name allows an attacker to send specially crafted data to an application, causing tojson to call ActiveModel::Name, which can cause the application to cause a dead loo...
SNMP Information Detection and Reporting
SNMP based detection and reporting of generic information like e.g. the System Description/sysDescr OID: 1.3.6.1.2.1.1.1.0 gathered from the remote device. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
CVE-2006-1147
The Comsprintf function in qshared.c in Alien Arena 2006 Gold Edition 5.00 does not properly NULL terminate certain long strings, which allows remote attackers possibly authenticated to cause a denial of service application crash via a long skin, weapon, or model name...