Lucene search
K

4718 matches found

NVD
NVD
added 2024/09/22 1:15 a.m.16 views

CVE-2024-47221

CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password...

7.5CVSS0.0035EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/22 12:0 a.m.12 views

CVE-2024-47221

CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password...

6.9AI score0.0035EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/22 12:0 a.m.20 views

CVE-2024-47221

CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password...

0.0035EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/22 12:0 a.m.5 views

Rapid SCADA 安全漏洞

Rapid SCADA is a full-featured SCADA software from Rapid SCADA Open Source. A security vulnerability exists in Rapid SCADA version 5.8.4, which originates in the file ScadaServerEngine/MainLogic.cs where CheckUser allows the use of empty passwords...

7.5CVSS6.7AI score0.0035EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2024/09/19 7:0 a.m.4 views

In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1 an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured by the user.

...

9.8CVSS6.9AI score0.00616EPSS
Exploits0
OSV
OSV
added 2024/09/17 6:33 p.m.0 views

GHSA-W2R7-9579-27HF vLLM denial of service vulnerability

A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service...

8.7CVSS5.8AI score0.00676EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2024/09/17 6:33 p.m.38 views

vLLM denial of service vulnerability

A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service...

7.5CVSS6.7AI score0.00676EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2024/09/17 5:15 p.m.2 views

CVE-2024-8768

A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service...

7.5CVSS5.7AI score0.00676EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/09/17 4:20 p.m.14 views

CVE-2024-8768 Vllm: a completions api request with an empty prompt will crash the vllm api server.

A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service...

7.5CVSS6.8AI score0.00676EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/09/17 12:0 a.m.3 views

PT-2024-39237 · Unknown · Vllm Library

Name of the Vulnerable Software and Affected Versions: vLLM library affected versions not specified Description: A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service. Recommendations: At the moment,...

8.7CVSS6.7AI score0.00676EPSS
Exploits0References12
OSV
OSV
added 2024/09/14 11:9 a.m.5 views

OESA-2024-2136 runc security update

runc is a CLI tool for spawning and running containers according to the OCI specification. Security Fixes: runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files...

3.6CVSS6.8AI score0.00317EPSS
Exploits0References2
OSV
OSV
added 2024/09/14 11:9 a.m.7 views

OESA-2024-2134 runc security update

runc is a CLI tool for spawning and running containers according to the OCI specification. Security Fixes: runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files...

3.6CVSS6.8AI score0.00317EPSS
Exploits0References2
OSV
OSV
added 2024/09/14 1:29 a.m.2 views

OESA-2024-2137 runc security update

runc is a CLI tool for spawning and running containers according to the OCI specification. Security Fixes: runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files...

3.6CVSS6.8AI score0.00317EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2024/09/11 7:0 a.m.4 views

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.

...

7.5CVSS7AI score0.0214EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/09/11 7:0 a.m.6 views

In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to determine whether a user is authorized (i.e. a nil return value is interpreted as successful authorization) and (2) it is used with an LDAP server allowing unauthenticated bind.

...

8.1CVSS7AI score0.01669EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/09/11 7:0 a.m.12 views

net: phy: fix phy_get_internal_delay accessing an empty array

...

5.5CVSS6.3AI score0.00281EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/09/11 7:0 a.m.4 views

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.

...

9.1CVSS7AI score0.00971EPSS
Exploits1
OSV
OSV
added 2024/09/09 3:15 p.m.4 views

CVE-2024-8042

Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect...

3.1CVSS5.8AI score0.00177EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/09 3:2 p.m.20 views

CVE-2024-8042 Rapid7 Insight Platform Unauthorized Empty Group Creation

Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect...

2.4CVSS0.00177EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/09 3:2 p.m.14 views

CVE-2024-8042 Rapid7 Insight Platform Unauthorized Empty Group Creation

Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect...

2.4CVSS6.6AI score0.00177EPSS
Exploits0References1
Rows per page
Query Builder