Lucene search
+L

38 matches found

Veracode
Veracode
added 2024/06/11 5:48 a.m.11 views

Undefined Behavior

mlflow is vulnerable to Undefined Behavior. The vulnerability is due to inadequate validation of model names, which allows an attacker to create multiple models with the same name, leading to potential Denial of Service DoS and data model poisoning...

5.4CVSS6.7AI score0.00442EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/06/06 7:15 p.m.8 views

CVE-2024-3099

A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service DoS as an authenticated user might not be able to use the intended model, as it will open a different model each time...

5.4CVSS5.8AI score0.00442EPSS
Exploits1References1
OSV
OSV
added 2024/03/27 9:15 p.m.6 views

CVE-2024-2997

A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Category Name/Model Name/Brand Name/Unit Name leads to cross site scripting...

5.4CVSS3.7AI score0.01215EPSS
Exploits6References4
RedHat Linux
RedHat Linux
added 2023/11/08 2:26 p.m.10 views

rubygem-globalid: ReDoS vulnerability

A flaw was found in rubygem-globalid. RubyGem’s GlobalID gem is vulnerable to a denial of service issue caused by a regular expression denial of service ReDoS flaw in the model name parsing. By sending a specially-crafted regex input, a remote attacker can cause a denial of service...

7.5CVSS6.8AI score0.01049EPSS
Exploits0References5
Snyk
Snyk
added 2023/01/18 6:13 p.m.3 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in uri/gid.rb, when parsing modelname values. NOTE: A patch has been released to address this issue: 1-0-model-name-redos.patch Details Denial of Service DoS describes a family of attacks, all...

7.5CVSS6.8AI score0.01049EPSS
Exploits0References2
OSV
OSV
added 2023/01/18 6:13 p.m.30 views

GHSA-23C2-GWP5-PXW9 ReDoS based DoS vulnerability in GlobalID

There is a ReDoS based DoS vulnerability in the GlobalID gem. This vulnerability has been assigned the CVE identifier CVE-2023-22799. Versions Affected: = 0.2.1 Not affected: NOTAFFECTED Fixed Versions: 1.0.1 Impact There is a possible DoS vulnerability in the model name parsing section of the...

7.5CVSS7.4AI score0.01049EPSS
Exploits0References6
RubySec
RubySec
added 2023/01/18 12:0 a.m.40 views

ReDoS based DoS vulnerability in GlobalID

There is a ReDoS based DoS vulnerability in the GlobalID gem. This vulnerability has been assigned the CVE identifier CVE-2023-22799. Versions Affected: = 0.2.1 Not affected: 0.2.1 Fixed Versions: 1.0.1 Impact There is a possible DoS vulnerability in the model name parsing section of the GlobalID...

7.5CVSS3.7AI score0.01049EPSS
Exploits0References1Affected Software1
Metasploit
Metasploit
added 2022/08/29 6:2 p.m.177 views

BACnet Scanner

Discover BACnet devices by broadcasting Who-is message, then poll discovered devices for properties including model name, software version, firmware revision and description. Module Options msf use auxiliary/scanner/scada/bacnetl3 msf auxiliarybacnetl3 show actions ...actions... msf...

7.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2020/10/22 12:0 a.m.4 views

The vulnerability of Moxa EDR-810 microcontroller software lies in the lack of protection for service data. This allows attackers to disclose sensitive information such as the LAN IP address, model name, MAC address, subnet mask, and server configuration settings.

The vulnerability of Moxa EDR-810 microcontroller-based software lies in the lack of protection for operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose sensitive information such as the LAN IP address, model name, MAC address, subnet mask, and...

7.8CVSS5.4AI score
Exploits0References1Affected Software1
OSV
OSV
added 2018/11/07 6:29 p.m.7 views

CVE-2018-19073

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName,...

7.2CVSS6AI score0.01946EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2018/07/02 12:0 a.m.139 views

NuCom NC-WR644GACV Unauthenticated Configuration File Download

Overview ======== Researchers of NVEL4 Cybersecurity company have discovered that it is possible to access to the config file bypassing admin authentication and authorization. The vulnerability has been reported to the vendor. The vendor has confirmed the vulnerability but not issued to security...

9.7AI score0.01082EPSS
Exploits2
OpenVAS
OpenVAS
added 2018/04/24 12:0 a.m.30 views

Sonos Device/OS/App Detection (UPnP, TCP)

UPnP based detection of Sonos devices, Sonos OS and application. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.2AI score
Exploits0References1
Prion
Prion
added 2018/03/09 11:29 p.m.21 views

Design/Logic Flaw

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'modelname' or 'macaddress'...

7.5CVSS9.4AI score0.02062EPSS
Exploits0References1Affected Software20
Cvelist
Cvelist
added 2018/03/09 11:0 p.m.25 views

CVE-2018-7233

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'modelname' or 'macaddress'...

9.6AI score0.02062EPSS
Exploits0References1
CNVD
CNVD
added 2017/06/09 12:0 a.m.2 views

Foscam camera remote command injection vulnerability

Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly through WIFI. Foscam camera has a remote command injection vulnerability in the modelName in the /mnt/mtd/app/config/ProductConfig.xml file. By installing the ProductConfig.xml file in...

8.2AI score
Exploits0References1
CNVD
CNVD
added 2015/03/12 12:0 a.m.5 views

Ruby on Rails ActiveModel::Name Remote Denial of Service Vulnerability

Ruby on Rails is a web application framework , built on top of the Ruby language . A security vulnerability in Rails ActiveModel::Name allows an attacker to send specially crafted data to an application, causing tojson to call ActiveModel::Name, which can cause the application to cause a dead loo...

6.8AI score
Exploits0References1
OpenVAS
OpenVAS
added 2012/02/14 12:0 a.m.20 views

SNMP Information Detection and Reporting

SNMP based detection and reporting of generic information like e.g. the System Description/sysDescr OID: 1.3.6.1.2.1.1.1.0 gathered from the remote device. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

7.2AI score
Exploits0
NVD
NVD
added 2006/03/10 11:2 a.m.17 views

CVE-2006-1147

The Comsprintf function in qshared.c in Alien Arena 2006 Gold Edition 5.00 does not properly NULL terminate certain long strings, which allows remote attackers possibly authenticated to cause a denial of service application crash via a long skin, weapon, or model name...

4CVSS6.6AI score0.03057EPSS
Exploits1References8
Rows per page
Query Builder