#dos

### Impact The [outlines](https://dottxt-ai.github.io/outlines/latest/) library is one of the backends used by vLLM to support structured output (a.k.a. guided decoding). Outlines provides an optional cache for its compiled grammars on the local filesystem. This cache has been on by default in vLLM. Outlines is also available by default through the OpenAI compatible API server. The affected code in vLLM is [vllm/model_executor/guided_decoding/outlines_logits_processors.py](https://github.com/vllm-project/vllm/blob/53be4a863486d02bd96a59c674bbec23eec508f6/vllm/model_executor/guided_decoding/outlines_logits_processors.py), which unconditionally uses the cache from outlines. vLLM should have this off by default and allow administrators to opt-in due to the potential for abuse. A malicious user can send a stream of very short decoding requests with unique schemas, resulting in an addition to the cache for each request. This can result in a Denial of Service if the filesystem runs out of ...

### Impact User control of the first argument of the `addImage` method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image urls to the `addImage` method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Other affected methods are: `html`, `addSvgAsImage`. Example payload: ```js import { jsPDF } from "jpsdf" const doc = new jsPDF(); const payload = 'data:/charset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=s\x00base64,undefined'; const startTime = performance.now() try { doc.addImage(payload, "PNG", 10, 40, 180, 180, undefined, "SLOW"); } catch (err) { const endTime = performance.now() console.log(`Call to doc.addImage took ${endTime - startTime} milliseconds`) } doc.save("a4.pdf");...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: ASCO 5310 / 5350 Vulnerabilities: Download of Code Without Integrity Check, Allocation of Resources Without Limits or Throttling, Cleartext Transmission of Sensitive Information, Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform a denial of service, loss of availability, or loss of device integrity. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports the following products are affected: Schneider Electric ASCO 5310 Single-Channel Remote Annunciator: All versions Schneider Electric ASCO 5350 Eight Channel Remote Annunciator: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 DOWNLOAD OF CODE WITHOUT INTEGRITY CHECK CWE-494 Schneider Electric ASCO 5310 / 5350 remote annunciator is vulnerable to a download of code without integrity check vulner...

Confidential computing strengthens application security by providing isolation, encryption and attestation so data remains protected while in use. By integrating these security features with a scalable, high-performance artificial intelligence (AI) and machine learning (ML) ecosystem, organizations can adopt a defense-in-depth approach. This is especially critical for regulated industries handling sensitive data, such as Personally Identifiable Information (PII), Protected Health Information (PHI), and financial information, enabling them to leverage AI with confidence.In this article, we expl

ChatGPT Down: Users report "Gateway time-out" errors. OpenAI's popular AI chatbot is experiencing widespread outages. Stay updated on the service disruption.

## Summary PostQuantum-Feldman-VSS, in versions ≤0.7.6b0, is vulnerable due to its dependency on gmpy2, which can crash the Python interpreter if memory allocation fails. This can be exploited for denial-of-service attacks, impacting the availability of systems using the library. ## Description The vulnerability arises from gmpy2’s behavior, as noted in its documentation: > gmpy2 can crash the Python interpreter in case of memory allocation failure ([gmpy2 Overview](https://gmpy2.readthedocs.io/en/latest/overview.html)) This stems from gmpy2’s reliance on the GMP library, which terminates the program when memory allocation fails ([GMP Memory Management](https://gmplib.org/manual/Memory-Management)). An attacker can exploit this by crafting inputs that exhaust memory, causing the interpreter to crash and disrupting service for legitimate users. ## Impact - **Availability**: High impact, as the interpreter crash leads to complete denial of service. - **Confidentiality and Integrity*...

Plus: A nominee to lead CISA emerges, Elon Musk visits the NSA, a renowned crypto cracking firm’s secret (and problematic) cofounder is revealed, and more.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 TM MFP Vulnerabilities: Double Free, Use After Free, NULL Pointer Dereference, Buffer Access with Incorrect Length Value, Use of Uninitialized Variable 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service condition, or gain unauthorized access to sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SIMATIC S7-1500 TM MFP - BIOS: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 DOUBLE FREE CWE-415 In the Linux ...

### Summary ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. Ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before inflation and not after. ### Impact This issue may lead to remote Denial of Service (DoS).

# Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mj4v-hp69-27x5. This link is maintained to preserve external references. # Original Description Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution.