880 matches found
vLLM Denial of Service via the best_of parameter
A vulnerability was found in the ilab model serve component, where improper handling of the bestof parameter in the vllm JSON web API can lead to a Denial of Service DoS. The API used for LLM-based sentence or chat completion accepts a bestof parameter to return the best completion from several...
CVE-2024-8939
A vulnerability was found in the ilab model serve component, where improper handling of the bestof parameter in the vllm JSON web API can lead to a Denial of Service DoS. The API used for LLM-based sentence or chat completion accepts a bestof parameter to return the best completion from several...
CVE-2024-8939 Vllm: denials of service in vllm json web api
A vulnerability was found in the ilab model serve component, where improper handling of the bestof parameter in the vllm JSON web API can lead to a Denial of Service DoS. The API used for LLM-based sentence or chat completion accepts a bestof parameter to return the best completion from several...
CVE-2024-8939
CVE-2024-8939 affects the ilab model serve component, specifically the vllm JSON web API. Improper handling of the optional best_of parameter when set to a large value can exhaust resources and cause a Denial of Service, rendering the API unresponsive to legitimate users. Exploitation details in ...
CVE-2024-8939
A vulnerability was found in the ilab model serve component, where improper handling of the bestof parameter in the vllm JSON web API can lead to a Denial of Service DoS. The API used for LLM-based sentence or chat completion accepts a bestof parameter to return the best completion from several...
CVE-2024-45104
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call...
CVE-2024-45104
Summary: CVE-2024-45104 affects Lenovo XClarity Administrator (LXCA). A valid, authenticated LXCA user who does not have sufficient privileges may exploit the system by using a device identifier to modify an LXCA-managed device through a specially crafted Web API call. This implies an elevation o...
CVE-2024-45104
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call...
CVE-2024-45104
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call...
Lenovo XClarity Administrator 安全漏洞
Lenovo XClarity Administrator LXCA is a centralized resource management solution from Lenovo China. The product is capable of providing agentless hardware management for servers, storage, network switches, and more. A security vulnerability exists in Lenovo XClarity Administrator, which originate...
Veeam Service Provider Console 安全漏洞
Veeam Service Provider Console is a cloud-enabled platform from Veeam USA. A security vulnerability exists in Veeam Service Provider Console version 8.0.0.19552 and previous versions 8, which stems from the inclusion of a code injection vulnerability that allows a low privileged user with REST AP...
VulnCheck KEV: CVE-2024-7786
The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates...
VMWare Enumerate User Accounts
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMWare Enumerate User Accounts', 'Description' = %Q This module will log into the Web API of VMWare and try to enumerate all the user accounts. I...
CVE-2024-7604
Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw...
CVE-2024-7602
Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specif...
CVE-2024-7600
Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw...
PT-2024-5562
SAP BusinessObjects Business Intelligence Platform versions 4.30 and 4.40 The issue involves a missing authentication check in the SAP BusinessObjects Business Intelligence Platform when Single Signed On is enabled on Enterprise authentication. An unauthorized user can obtain a logon token by...
PT-2024-38443 · Logsign · Logsign Unified Secops Platform
Name of the Vulnerable Software and Affected Versions: Logsign Unified SecOps Platform affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to...
PT-2024-38442 · Logsign · Logsign Unified Secops Platform
Name of the Vulnerable Software and Affected Versions: Logsign Unified SecOps Platform affected versions not specified Description: This issue allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this...
OpenStack Heat 信息泄露漏洞
OpenStack Heat is an OpenStack open source service. Composite cloud applications are orchestrated using a declarative template format via the OpenStack native REST API. A security vulnerability exists in OpenStack Heat that stems from the presence of sensitive information disclosure issues...