1314 matches found
CVE-2024-53880
NVIDIA Triton Inference Server contains a vulnerability in the model loading API, where a user could cause an integer overflow or wraparound error by loading a model with an extra-large file size that overflows an internal variable. A successful exploit of this vulnerability might lead to denial ...
CVE-2024-53880
The CVE-2024-53880 entry pertains to NVIDIA Triton Inference Server. A vulnerability in the model loading API can trigger an integer overflow/wraparound when loading a model with an extra-large file size, overflow an internal variable, and potentially cause a denial of service. Exploitation detai...
NVIDIA Triton Inference Server Input Validation Error Vulnerability
NVIDIA Triton Inference Server is open source software from NVIDIA that helps standardize model deployment and deliver fast and scalable AI in production. NVIDIA Triton Inference Server has an input validation error vulnerability that can be exploited by attackers to cause a denial of service...
Security Bulletin: NVIDIA Triton Inference Server - February 2025
NVIDIA has released a software update for NVIDIA® Triton Inference Server. To protect your system, download and install the latest release from the Triton Inference Server Releases page on GitHub and view the Secure Deployment Considerations Guide. Go to NVIDIA Product Security...
vLLM Security Vulnerability
vLLM is an open source, high-throughput and memory-efficient inference and serving engine for LLMs. A security vulnerability exists in vLLM that stems from a maliciously constructed statement that could lead to a hash collision, which could lead to cache reuse, which could interfere wi...
Use of Weak Hash
Overview: vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Use of Weak Hash due to the use of a predictable constant value in the Python 3.12 built-in hash function. An attacker can interfere with subsequent...
CVE-2021-37676
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empt...
CVE-2022-21727
TensorFlow is an Open Source Machine Learning Framework. The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness. The axis argument can be -1 (the default value for the optional argument) or any other positive value at most the number of dimensions of the...
CVE-2022-21728
TensorFlow is an Open Source Machine Learning Framework. The implementation of shape inference for ReverseSequence does not fully validate the value of batch_dim and can result in a heap OOB read. There is a check to make sure the value of batch_dim does not go over the rank of the input, but there...
CVE-2024-0087
NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. If this file exists, logs are appended to the file. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privilege...
PYSEC-2025-58
vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py implements hf_model_weights_iterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weights_only parameter defaults to False. When torch.load loads malicious...
The vulnerability of the software for deploying and executing AI models, NVIDIA Triton Inference Server (previously TensorRT Inference Server), allows a malicious actor to trigger a service failure.
The vulnerability in NVIDIA Triton Inference Server (previously known as TensorRT Inference Server), software for deploying and executing AI models, relates to the execution of operations outside the bounds of a memory buffer. Exploiting this vulnerability could allow a malicious actor to...
CVE-2020-10369
Certain Cypress and Broadcom Wireless Combo chips, when a January 2021 firmware update is not present, allow inferences about memory content via a "Spectra" attack...
CVE-2020-10369
CVE-2020-10369 affects Cypress (and Broadcom) Wireless Combo chips. The connected Red Hat, CIRCL, NVD and related feeds describe a memory-content inference vulnerability via a Spectra attack when a January 2021 firmware update is not present. The vulnerability is tied to these wireless combo comp...
abraham3k (>=1.3.8 <=1.5.3), accutuning-helpers (>=1.0.32 <=1.0.33) +76 more potentially affected by CVE-2024-10073 via flair (>=0.10.0 <=0.9.0)
flair PYPI version =0.10.0, =1.3.8, =1.0.32, =0.0.1, =0.1.0, =0.0.6, =0.1.20, =0.1.0, =0.1.0, =0.0.1.1, =0.2.4, =0.1.1, =0.1.3 and more Source cves: CVE-2024-10073 Source advisory: SNYK:PYTHON-FLAIR-8230414...
NVIDIA Triton Inference Server Out-of-Bounds Read Vulnerability
NVIDIA Triton Inference Server is open source software from NVIDIA that helps standardize model deployment and deliver fast and scalable AI in production. NVIDIA Triton Inference Server suffers from an out-of-bounds read vulnerability that can be exploited by attackers to cause a denial of...