855 matches found

CVE
added 2024/11/12 12:49 p.m. · 86 views

CVE-2024-46890

CVE-2024-46890 affects Siemens SINEC INS (all versions before V1.0 SP2 Update 3). The issue is improper validation of input to specific web API endpoints, enabling an authenticated remote attacker with high privileges to execute arbitrary code on the underlying OS. The risk is described in public...

9.4 CVSS · 7.6 AI score · 0.02236 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/11/12 12:49 p.m. · 12 views

CVE-2024-46890

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code...

9.4 CVSS · 0.02236 EPSS
Exploits: 0 · References: 1

SUSE CVE
added 2024/11/12 12:15 a.m. · 2 views

SUSE CVE-2024-51988

RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3. HT...

6.5 CVSS · 6.7 AI score · 0.00101 EPSS
Exploits: 0 · References: 3

OpenVAS
added 2024/11/12 12:0 a.m. · 4 views

Synology DiskStation Manager (DSM) File Disclosure Vulnerability (Synology-SA-24:20) - Remote Known Vulnerable Versions Check

Synology DiskStation Manager (DSM) is prone to a file disclosure vulnerability.

5.3 CVSS · 6.7 AI score · 0.02935 EPSS
Exploits: 0 · References: 3

Huntr
added 2024/11/02 11:49 p.m. · 4 views

Denial of service through tracking and requesting Aim objects through web API

This report is not public...

7.5 CVSS · 7.1 AI score · 0.00442 EPSS
Exploits: 1

CNNVD
added 2024/10/11 12:0 a.m. · 8 views

WordPress plugin Hunk Companion security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

9.8 CVSS · 8.9 AI score · 0.90276 EPSS
Exploits: 2 · References: 5

Positive Technologies
added 2024/10/02 12:0 a.m. · 3 views

PT-2024-32821 · Jenkins · Credentials Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Plugin versions 1380.va_435002fa_924 and earlier, except version 1371.1373.v4eb_fa_b_7161e9
Description: The issue concerns the Jenkins Credentials Plugin, which does not redact encrypted values of credentials using the...

7.5 CVSS · 7 AI score · 0.00242 EPSS
Exploits: 0 · References: 8

Positive Technologies
added 2024/09/23 12:0 a.m. · 3 views

PT-2024-28460 · Entrust · Entrust Instant Financial Issuance

Name of the Vulnerable Software and Affected Versions: Entrust Instant Financial Issuance (formerly known as Cardwizard) versions 6.8.x and earlier, 6.9.0, 6.9.1, 6.9.2, 6.10.0
Description: The issue concerns the use of a DLL library with a custom AES encryption process that relies on static...

6.6 CVSS · 7.5 AI score · 0.00107 EPSS
Exploits: 0 · References: 7

Positive Technologies
added 2024/09/23 12:0 a.m. · 3 views

PT-2024-28459 · Entrust · Entrust Instant Financial Issuance

Name of the Vulnerable Software and Affected Versions: Entrust Instant Financial Issuance On Premise Software versions 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier
Description: The issue concerns a configuration file, specifically WebAPI.cfg.xml, which is left behind after the installation...

5.9 CVSS · 7 AI score · 0.00129 EPSS
Exploits: 0 · References: 8

Github Security Blog
added 2024/09/17 6:33 p.m. · 36 views

vLLM Denial of Service via the best_of parameter

A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of parameter to return the best completion from several...

6.2 CVSS · 6.8 AI score · 0.00025 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

NVD
added 2024/09/17 5:15 p.m. · 11 views

CVE-2024-8939

A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of parameter to return the best completion from several...

6.2 CVSS · 0.00025 EPSS
Exploits: 0 · References: 2

Cvelist
added 2024/09/17 4:21 p.m. · 18 views

CVE-2024-8939 Vllm: denials of service in vllm json web api

A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of parameter to return the best completion from several...

6.2 CVSS · 0.00025 EPSS
Exploits: 0 · References: 2

CVE
added 2024/09/17 4:21 p.m. · 174 views

CVE-2024-8939

CVE-2024-8939 affects the ilab model serve component, specifically the vllm JSON web API. Improper handling of the optional best_of parameter when set to a large value can exhaust resources and cause a Denial of Service, rendering the API unresponsive to legitimate users. Exploitation details in ...

6.2 CVSS · 6.2 AI score · 0.00025 EPSS
Exploits: 0 · References: 2

RedhatCVE
added 2024/09/17 8:41 a.m. · 11 views

CVE-2024-8939

A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of parameter to return the best completion from several...

6.2 CVSS · 6.7 AI score · 0.00025 EPSS
Exploits: 0 · References: 3

NVD
added 2024/09/13 6:15 p.m. · 18 views

CVE-2024-45104

A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call...

6.5 CVSS · 0.00128 EPSS
Exploits: 0 · References: 1

Cvelist
added 2024/09/13 5:28 p.m. · 27 views

CVE-2024-45104

A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call...

6.3 CVSS · 0.00128 EPSS
Exploits: 0 · References: 1

CVE
added 2024/09/13 5:28 p.m. · 90 views

CVE-2024-45104

Summary: CVE-2024-45104 affects Lenovo XClarity Administrator (LXCA). A valid, authenticated LXCA user who does not have sufficient privileges may exploit the system by using a device identifier to modify an LXCA-managed device through a specially crafted Web API call. This implies an elevation o...

6.5 CVSS · 6.4 AI score · 0.00128 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/09/13 5:28 p.m. · 18 views

CVE-2024-45104

A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call...

6.3 CVSS · 6.6 AI score · 0.00128 EPSS
Exploits: 0 · References: 1

CNNVD
added 2024/09/13 12:0 a.m. · 3 views

Lenovo XClarity Administrator security vulnerability

Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from Lenovo China. The product is capable of providing agentless hardware management for servers, storage, network switches, and more. A security vulnerability exists in Lenovo XClarity Administrator, which originate...

6.5 CVSS · 6.6 AI score · 0.00128 EPSS
Exploits: 0 · References: 2

CNNVD
added 2024/09/07 12:0 a.m. · 4 views

Veeam Service Provider Console security vulnerability

Veeam Service Provider Console is a cloud-enabled platform from Veeam USA. A security vulnerability exists in Veeam Service Provider Console version 8.0.0.19552 and previous versions 8, which stems from the inclusion of a code injection vulnerability that allows a low privileged user with REST AP...

8.5 CVSS · 8.9 AI score · 0.03199 EPSS
Exploits: 0 · References: 2