80 matches found
CVE-2025-23320
CVE-2025-23320 affects the NVIDIA Triton Inference Server for Windows and Linux, with a vulnerability in the Python backend that could let an attacker send a very large request to exceed the shared memory limit and potentially disclose information. Affected component: Python backend processing of...
CVE-2025-23320
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large request. A successful exploit of this vulnerability might lead to information disclosure...
CVE-2025-23319
CVE-2025-23319 affects NVIDIA Triton Inference Server for Windows and Linux, specifically the Python backend. The vulnerability is an out-of-bounds write to memory buffer data that can be triggered by a crafted HTTP request. Successful exploitation could allow remote code execution, denial of ser...
CVE-2025-23318
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure...
CVE-2025-23318
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure...
NVIDIA Triton Inference Server 安全漏洞
Triton Inference Server is a high-performance inference service engine developed by NVIDIA, designed for AI model deployment in production environments, with support for a variety of frameworks TensorFlow, PyTorch, ONNX, etc. and optimized inference performance for GPUs and CPUs. An out-of-bounds...
NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers
A newly disclosed set of security flaws in NVIDIA's Triton Inference Server for Windows and Linux, an open-source platform for running artificial intelligence AI models at scale, could be exploited to take over susceptible servers. "When chained together, these flaws can potentially allow a remot...
PT-2025-32159 · Nvidia · Nvidia Triton Inference Server
Name of the Vulnerable Software and Affected Versions: NVIDIA Triton Inference Server affected versions not specified Description: NVIDIA Triton Inference Server contains an issue in the Python backend that could allow an attacker to cause an out-of-bounds write. Successful exploitation of this...
PT-2025-32168 · Nvidia · Nvidia Triton Inference Server
Name of the Vulnerable Software and Affected Versions: NVIDIA Triton Inference Server affected versions not specified Description: The NVIDIA Triton Inference Server contains an issue in the Python backend that allows an attacker to cause an out-of-bounds read by manipulating shared memory data. ...
OESA-2025-1799 protobuf security update
Security Fixes: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of...
OESA-2025-1798 protobuf security update
Security Fixes: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of...
OESA-2025-1713 protobuf security update
Security Fixes: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of...
Denial Of Service (DoS)
Protobuf is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of deeply nested or recursive structures in the Pure-Python backend, leading to a RecursionError...
GHSA-8QVM-5X2C-J2W7 protobuf-python has a potential Denial of Service issue
Summary Any project that uses Protobuf pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. Reporter: Alexis Challande, Trail of Bits...
AZL-64116 CVE-2025-4565 affecting package protobuf for versions less than 3.17.3-4
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...
PT-2025-25564
Name of the Vulnerable Software and Affected Versions: Protobuf versions prior to 6.31.1 Description: The issue affects projects that use the Protobuf Pure-Python backend to parse untrusted Protocol Buffers data. This data can contain an arbitrary number of recursive groups, recursive messages, o...
WatchGuard XTM Firebox Unauthenticated Remote Command Execution Exploit
This Metasploit module exploits a buffer overflow at the administration interface 8080 or 4117 of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This...
WatchGuard XTM Firebox Unauthenticated Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zlib' class MetasploitModule 'WatchGuard XTM Firebox Unauthenticated Remote Command Execution', 'Description' = %q This module exploits a buffer overflow at the...
Ivanti Connect Secure Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Connect Secure Unauthenticated Remote Code Execution', 'Description' = %q This module chains a server side request forgery SSRF...
Personalized User Focused Security: Stethoscope
Stethoscope is a web application that collects information from existing device data sources e.g., JAMF or LANDESK on a given user’s devices and gives them clear and specific recommendations for securing their systems. Stethoscope consists of two primary pieces: a Python-based back-end and a...