NVIDIA TRT-LLM 代码问题漏洞

NVIDIA TRT-LM is a high-performance inference framework developed by NVIDIA Corporation for optimizing the inference acceleration and deployment of large language models. NVIDIA TRT-LM has code-related vulnerabilities, including deserialization vulnerabilities and insecure serialization handles,...

Remote Code Execution (RCE)

vLLM is vulnerable to Remote Code Execution RCE. The vulnerability is due to insecure pickle-based serialization over unsecured ZeroMQ sockets that were exposed to all network interfaces, allows insecure pickle-based serialization over unsecured ZeroMQ sockets that were exposed to all network...

Insecure Serialization Data

corda-serialization is vulnerable to insecure serialization data. An attacker is able to use a CustomSerializer to modify the meaning of serialized data...

Aca Assurex Rentes Code Issue Vulnerability

Aca Assurex Rentes is a Saas service for the management of all types of funds from the French company Aca. The service covers the entire lifecycle of an annuity contract: liquidation, calculation simulation, pricing, arrears calculation, payments, revaluation, justification, calculation of...

GHSA-HXCC-F52P-WC94 Insecure serialization leading to RCE in serialize-javascript

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js". An object such as "foo": /1"/, "bar": "a"@R--0@" was serialized as "foo": /1"/, "bar": "a/1"/, which allows an attacker to escape the bar key. This requires...

Insecure serialization leading to RCE in serialize-javascript

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js". An object such as "foo": /1"/, "bar": "a"@R--0@" was serialized as "foo": /1"/, "bar": "a/1"/, which allows an attacker to escape the bar key. This requires...

Arbitrary Code Execution

openjdk is vulnerable to arbitrary code execution. Successful exploitation of the insecure serialization filter changes via jdk.serialFilter property modification results in a complete takeover of the application...

Apache ActiveMQ Arbitrary Code Execution Vulnerability

Apache ActiveMQ is the United States Apache Apache Software Foundation developed a set of open source messaging middleware , which supports Java messaging services , clustering , Spring Framework and so on. Apache ActiveMQ 5.13.0 before 5.x version of a security vulnerability , the vulnerability...