880 matches found

Github Security Blog
added 2024/09/17 6:33 p.m. · 38 views

vLLM Denial of Service via the best_of parameter

A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of parameter to return the best completion from several...

6.2 CVSS · 6.8 AI score · 0.00231 EPSS
Exploits 0 · References 5 · Affected Software 1
NVD
added 2024/09/17 5:15 p.m. · 21 views

CVE-2024-8939

A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of parameter to return the best completion from several...

6.2 CVSS · 0.00231 EPSS
Exploits 0 · References 2
Cvelist
added 2024/09/17 4:21 p.m. · 27 views

CVE-2024-8939 Vllm: denials of service in vllm json web api

A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of parameter to return the best completion from several...

6.2 CVSS · 0.00231 EPSS
Exploits 0 · References 2
CVE
added 2024/09/17 4:21 p.m. · 178 views

CVE-2024-8939

CVE-2024-8939 affects the ilab model serve component, specifically the vllm JSON web API. Improper handling of the optional best_of parameter when set to a large value can exhaust resources and cause a Denial of Service, rendering the API unresponsive to legitimate users. Exploitation details in ...

6.2 CVSS · 6.2 AI score · 0.00231 EPSS
Exploits 0 · References 2
RedhatCVE
added 2024/09/17 8:41 a.m. · 12 views

CVE-2024-8939

A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of parameter to return the best completion from several...

6.2 CVSS · 6.7 AI score · 0.00231 EPSS
Exploits 0 · References 3
NVD
added 2024/09/13 6:15 p.m. · 21 views

CVE-2024-45104

A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call...

6.5 CVSS · 0.00202 EPSS
Exploits 0 · References 1
CVE
added 2024/09/13 5:28 p.m. · 95 views

CVE-2024-45104

Summary: CVE-2024-45104 affects Lenovo XClarity Administrator (LXCA). A valid, authenticated LXCA user who does not have sufficient privileges may exploit the system by using a device identifier to modify an LXCA-managed device through a specially crafted Web API call. This implies an elevation o...

6.5 CVSS · 6.4 AI score · 0.00202 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/09/13 5:28 p.m. · 30 views

CVE-2024-45104

A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call...

6.3 CVSS · 0.00202 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/09/13 5:28 p.m. · 20 views

CVE-2024-45104

A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call...

6.3 CVSS · 6.6 AI score · 0.00202 EPSS
Exploits 0 · References 1
CNNVD
added 2024/09/13 12:0 a.m. · 5 views

Lenovo XClarity Administrator Security Vulnerability

Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from Lenovo China. The product is capable of providing agentless hardware management for servers, storage, network switches, and more. A security vulnerability exists in Lenovo XClarity Administrator, which originate...

6.5 CVSS · 6.6 AI score · 0.00202 EPSS
Exploits 0 · References 2
CNNVD
added 2024/09/07 12:0 a.m. · 6 views

Veeam Service Provider Console Security Vulnerability

Veeam Service Provider Console is a cloud-enabled platform from Veeam USA. A security vulnerability exists in Veeam Service Provider Console version 8.0.0.19552 and previous versions 8, which stems from the inclusion of a code injection vulnerability that allows a low privileged user with REST AP...

8.5 CVSS · 8.9 AI score · 0.00854 EPSS
Exploits 0 · References 2
VulnCheck KEV
added 2024/09/04 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2024-7786

The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak email templates...

7.5 CVSS · 5.8 AI score · 0.01635 EPSS
Exploits 1 · References 1
Packet Storm
added 2024/08/31 12:0 a.m. · 144 views

VMWare Enumerate User Accounts

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMWare Enumerate User Accounts', 'Description' = %Q This module will log into the Web API of VMWare and try to enumerate all the user accounts. I...

7.4 AI score
Exploits 0
OSV
added 2024/08/21 4:15 p.m. · 3 views

CVE-2024-7604

Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw...

7.8 CVSS · 5.9 AI score · 0.00343 EPSS
Exploits 0 · References 2
OSV
added 2024/08/21 4:15 p.m. · 3 views

CVE-2024-7602

Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specif...

6.5 CVSS · 5.8 AI score · 0.02382 EPSS
Exploits 0 · References 2
OSV
added 2024/08/21 4:15 p.m. · 6 views

CVE-2024-7600

Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw...

8.1 CVSS · 5.9 AI score · 0.02016 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/08/12 12:0 a.m. · 6 views

PT-2024-5562

SAP BusinessObjects Business Intelligence Platform versions 4.30 and 4.40 The issue involves a missing authentication check in the SAP BusinessObjects Business Intelligence Platform when Single Signed On is enabled on Enterprise authentication. An unauthorized user can obtain a logon token by...

10 CVSS · 6.6 AI score · 0.75866 EPSS
Exploits 0 · References 49
Positive Technologies
added 2024/08/08 12:0 a.m. · 4 views

PT-2024-38443 · Logsign · Logsign Unified Secops Platform

Name of the Vulnerable Software and Affected Versions: Logsign Unified SecOps Platform affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to...

6.5 CVSS · 6.6 AI score · 0.02382 EPSS
Exploits 0 · References 6
Positive Technologies
added 2024/08/08 12:0 a.m. · 6 views

PT-2024-38442 · Logsign · Logsign Unified Secops Platform

Name of the Vulnerable Software and Affected Versions: Logsign Unified SecOps Platform affected versions not specified Description: This issue allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this...

8.1 CVSS · 6.9 AI score · 0.01619 EPSS
Exploits 0 · References 7
CNNVD
added 2024/07/31 12:0 a.m. · 3 views

OpenStack Heat Information Disclosure Vulnerability

OpenStack Heat is an OpenStack open source service. Composite cloud applications are orchestrated using a declarative template format via the OpenStack native REST API. A security vulnerability exists in OpenStack Heat that stems from the presence of sensitive information disclosure issues...

5 CVSS · 4.8 AI score · 0.0039 EPSS
Exploits 1 · References 5