4718 matches found
CVE-2024-47221
CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password...
CVE-2024-47221
CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password...
CVE-2024-47221
CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password...
Rapid SCADA 安全漏洞
Rapid SCADA is a full-featured SCADA software from Rapid SCADA Open Source. A security vulnerability exists in Rapid SCADA version 5.8.4, which originates in the file ScadaServerEngine/MainLogic.cs where CheckUser allows the use of empty passwords...
In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1 an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured by the user.
...
GHSA-W2R7-9579-27HF vLLM denial of service vulnerability
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service...
vLLM denial of service vulnerability
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service...
CVE-2024-8768
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service...
CVE-2024-8768 Vllm: a completions api request with an empty prompt will crash the vllm api server.
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service...
PT-2024-39237 · Unknown · Vllm Library
Name of the Vulnerable Software and Affected Versions: vLLM library affected versions not specified Description: A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service. Recommendations: At the moment,...
OESA-2024-2136 runc security update
runc is a CLI tool for spawning and running containers according to the OCI specification. Security Fixes: runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files...
OESA-2024-2134 runc security update
runc is a CLI tool for spawning and running containers according to the OCI specification. Security Fixes: runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files...
OESA-2024-2137 runc security update
runc is a CLI tool for spawning and running containers according to the OCI specification. Security Fixes: runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files...
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.
...
In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to determine whether a user is authorized (i.e. a nil return value is interpreted as successful authorization) and (2) it is used with an LDAP server allowing unauthenticated bind.
...
net: phy: fix phy_get_internal_delay accessing an empty array
...
Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.
...
CVE-2024-8042
Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect...
CVE-2024-8042 Rapid7 Insight Platform Unauthorized Empty Group Creation
Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect...
CVE-2024-8042 Rapid7 Insight Platform Unauthorized Empty Group Creation
Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect...