11 matches found
CVE-2026-31250
CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its averagemodel.py model averaging tool. The script loads PyTorch checkpoint files epoch.pt for model averaging using torch.load without enabling the...
CVE-2026-31250
CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its averagemodel.py model averaging tool. The script loads PyTorch checkpoint files epoch.pt for model averaging using torch.load without enabling the...
CVE-2026-31250
CosyVoice (commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e) suffers an insecure deserialization vulnerability (CWE-502) in average_model.py used for model averaging. The tool loads PyTorch checkpoint files (epoch_*.pt) with torch.load() without enabling weights_only=True, allowing pickle-based de...
Memory Corruption
PyTorch is vulnerable to memory corruption. The vulnerability is due to an unsafe implementation in the weightsonly unpickler when loading malicious .pth checkpoint files, which allows an attacker to craft a specially designed file that can corrupt memory and potentially execute arbitrary code...
CVE-2026-24747 PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to...
CVE-2026-24747 PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to...
GHSA-63CW-57P8-FM3P PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files
Summary A vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to arbitrary code execution. Vulnerability Details The weightsonly=True unpickler...
ESXi 5.0 < Build 721882 Multiple Vulnerabilities (remote check)
The remote VMware ESXi 5.0 host is affected by the following security vulnerabilities : - An error exists related to handling checkpoint files that could allow memory corruption leading to arbitrary code execution. CVE-2012-3288 - An error exists related to handling mobile device traffic data tha...
VMware Workstation Multiple Vulnerabilities (VMSA-2012-0011)
The VMware Workstation install detected on the remote host is 7.x earlier than 7.1.6, or 8.0.x earlier than 8.0.4 and is, therefore, potentially affected by the following vulnerabilities : - A memory corruption error exists related to the handling of 'Checkpoint' files that can allow arbitrary co...
VMware Player Multiple Vulnerabilities (VMSA-2012-0011)
The VMware Player install detected on the remote host is 3.x earlier than 3.1.6, or 4.0.x, earlier than 4.0.4 and is, therefore, potentially affected by the following vulnerabilities : - A memory corruption error exists related to the handling of 'Checkpoint' files that can allow arbitrary code...
VMSA-2012-0011:VMware hosted products and ESXi and ESX patches address security issues
VMSA-2012-0011 VMware hosted products and ESXi and ESX patches address security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2012-0011 VMware Security Advisory Synopsis: VMware hosted products and ESXi and ESX patches address security issues VMware Security Advisory...