3235 matches found
OESA-2025-2394 ongres-scram security update
Scram is part of the family of Simple Authentication and Security Layer authentication mechanisms.It is described as part of RFC 5802 and RFC7677. This pachage is a Java implementation. Security Fixes: SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple...
OESA-2025-2391 ongres-scram security update
Scram is part of the family of Simple Authentication and Security Layer authentication mechanisms.It is described as part of RFC 5802 and RFC7677. This pachage is a Java implementation. Security Fixes: SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple...
vLLM is vulnerable to timing attack at bearer auth
Summary The API key support in vLLM performed validation using a method that was vulnerable to a timing attack. This could potentially allow an attacker to discover a valid API key using an approach more efficient than brute force. Details...
GHSA-WR9H-G72X-MWHM vLLM is vulnerable to timing attack at bearer auth
Summary The API key support in vLLM performed validation using a method that was vulnerable to a timing attack. This could potentially allow an attacker to discover a valid API key using an approach more efficient than brute force. Details...
CVE-2025-59425
vLLM is an inference and serving engine for large language models LLMs. Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided A...
CVE-2025-59425
CVE-2025-59425 affects vLLM prior to 0.11.0rc2, where API key validation used a string comparison that leaks timing information. Attackers observing responses over many attempts could determine the next correct character in the API key, enabling authentication bypass. The issue is resolved in ver...
CVE-2025-59425 vLLM vulnerable to timing attack at bearer auth
vLLM is an inference and serving engine for large language models LLMs. Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided A...
CVE-2025-59425 vLLM vulnerable to timing attack at bearer auth
vLLM is an inference and serving engine for large language models LLMs. Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided A...
EUVD-2025-32853
vLLM is an inference and serving engine for large language models LLMs. Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided A...
CVE-2025-59425 vLLM vulnerable to timing attack at bearer auth
vLLM is an inference and serving engine for large language models LLMs. Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided A...
CVE-2025-59425
A flaw was found in vLLM’s API token authentication logic, where token comparisons were not performed in constant time. This weakness could allow an attacker to exploit timing differences to guess valid tokens and bypass authentication. Mitigation Mitigation for this issue is either not available...
EUVD-2016-6374
Malware in sbrugna...
EUVD-2017-1552
Malware in sbrugna...
EUVD-2015-8501
Malware in sbrugna...
EUVD-2011-2582
Malware in sbrugna...
EUVD-2021-0850
Malware in sbrugna...
EUVD-2020-18321
Malware in sbrugna...
EUVD-2004-2672
Malware in sbrugna...
EUVD-2016-5730
Malware in sbrugna...
EUVD-2019-0665
Malware in sbrugna...