16 matches found
GHSA-HGG8-FQQC-VFMW vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router
vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via the Anthropic API router Researcher: Kai Aizen — SnailSploit @SnailSploit, Adversarial & Offensive Security Research Severity: CVSS 3.1 5.3 Medium AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Target: https://github.com/vllm-project/vllm ---...
CVE-2026-22778
vLLM is an inference and serving engine for large language models LLMs. From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...
The vulnerability in the `core/lib/iomgr/error.c` file of the Google GRPC system, related to out-of-buffer writing, allows a attacker to cause memory corruption and execute arbitrary code.
The vulnerability in the core/lib/iomgr/error.c function of the Google GRPC system is related to buffer out-of-bounds writing. Exploiting this vulnerability could allow a remote attacker to cause memory corruption and execute arbitrary code...
CVE-2022-33024
There is an Assertion int decodepreR13entitiesBITCODERL, BITCODERL, unsigned int, BITCODERL, BITCODERL, BitChain , DwgData ' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608...
September 24, 2019—KB4516048 (Preview of Monthly Rollup)
September 24, 2019—KB4516048 Preview of Monthly Rollup IMPORTANT Verify that you have installed the recommended updates listed in the How to get this update section before installing this update. For all updates starting with August 13, 2019, we strongly recommend that you install these updates t...
Microsoft Windows and Windows Server Input Validation Error Vulnerability
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. An input validation error vulnerability exists in fontsub.dll in Microsoft Windows and...
CVE-2018-17237
A SIGFPE signal is raised in the function H5Dchunksetinforeal of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207...
Microsoft Windows Multiple Vulnerabilities (KB4041693)
This host is missing a critical security update according to Microsoft KB4041693 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the Thunderbird email client, which allows a malicious actor to execute arbitrary code
Mozilla Thunderbird’s email client contains a vulnerability related to errors in the implementation of the cairotruetypeindextoucs4 function in the Cairo library. Exploiting this vulnerability allows malicious actors to execute arbitrary code using a specially crafted extension that processes fon...
CentOS Update for glibc CESA-2015:0016 centos6
Check the version of glibc SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882090";...
CVE-2014-5119
Off-by-one error in the gconvtranslitfind function in gconvtrans.c in GNU C Library aka glibc allows context-dependent attackers to cause a denial of service crash or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules...
CrystalPlayer 1.98 Playlist Crafted mls File Local Buffer Overflow Exploit
No description provided by source. !/usr/bin/perl Crystal Player 1.98 Playlist.mls File Local Buffer Overflow Exploit Source:: http://www.crystalplayer.com/CrystalPro.exe Credit To Timq For The Vulnerability POC By Arham Muhammad While Debugging EIP And EBP Successfully Gets Overwritten! Upon...
CrystalPlayer 1.98 - .mls Local Buffer Overflow
CrystalPlayer 1.98 - .mls Local Buffer Overflow !/usr/bin/perl Crystal Player 1.98 Playlist.mls File Local Buffer Overflow Exploit Source:: http://www.crystalplayer.com/CrystalPro.exe Credit To Timq For The Vulnerability POC By Arham Muhammad While Debugging EIP And EBP Successfully Gets...
USN-265-1: cairo/Evolution library vulnerability
When rendering glyphs, the cairo graphics rendering library did not check the maximum length of character strings. A request to display an excessively long string with cairo caused a program crash due to an X library error. Mike Davis discovered that this could be turned into a Denial of Service...
CVE-2002-1446
The error checking routine used for the CVerify call on a symmetric verification key in the nCipher PKCS11 library 1.2.0 and later returns the CKROK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages...
Weak nCipher PKCS#11 encryption
Library error may lead to uncrypted key in certificate...