Latest CVE Feed
-
7.2
CVSS31CVE-2024-42501
An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or... Read more
Affected Products :- Published: Sep. 17, 2024
- Modified: Sep. 18, 2024
-
7.5
CVSS31CVE-2024-38813
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.... Read more
- Published: Sep. 17, 2024
- Modified: Sep. 17, 2024
-
9.8
CVSS31CVE-2024-38812
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leadin... Read more
- Published: Sep. 17, 2024
- Modified: Sep. 17, 2024
-
5.5
CVSS31CVE-2024-38380
This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session.... Read more
Affected Products :- Published: Sep. 17, 2024
- Modified: Sep. 17, 2024
-
6.2
CVSS31CVE-2024-8939
A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of paramete... Read more
Affected Products :- Published: Sep. 17, 2024
- Modified: Sep. 17, 2024
-
7.5
CVSS31CVE-2024-8768
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.... Read more
Affected Products :- Published: Sep. 17, 2024
- Modified: Sep. 17, 2024