128 matches found
CVE-2026-34159
The CVE-2026-34159 entry for llama.cpp describes an unauthenticated RCE via the RPC backend: prior to v.b8492, deserialize_tensor() omits bounds validation when tensor.buffer == 0, enabling an attacker to read/write arbitrary process memory through crafted GRAPH_COMPUTE messages. Combined with AL...
CVE-2026-34159
llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPHCOMPUTE messages. Combined...
PT-2026-29570
Name of the Vulnerable Software and Affected Versions llama.cpp versions prior to b8492 Description A logic bug in the RPC backend's deserialize tensor function allows an unauthenticated attacker to read and write arbitrary process memory. This occurs because bounds validation is skipped when a...
CVE-2026-3437
An improper restriction of operations within the bounds of a memory buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this...
Portwell Engineering Toolkits 缓冲区错误漏洞
Portwell Engineering Toolkits is a software development and management toolkit developed by Portwell Company in Singapore. Version 4.8.2 of Portwell Engineering Toolkits contains a buffer error vulnerability. This vulnerability stems from improper restrictions on memory buffer operations, which m...
KLA90899 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Out of bounds memory read vulnerability in Media can be exploited to cause denial of service. 2. Out of bounds memory...
CVE-2026-23763
VB-Audio Matrix and Matrix Coconut versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively, contain a local privilege escalation vulnerability in the VBMatrix VAIO virtual audio driver vbmatrixvaio64win10.sys. The driver allocates a 128-byte non-paged pool buffer and, upon receiving IOCT...
MiracleLinux 9 : dpdk-21.11.2-1.el9 (AXSA:2023-5000:03)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5000:03 advisory. dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs CVE-2022-2132 DPDK: out-of-bounds read/write in...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001340)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001340 advisory. An issue was discovered in Linux: KVM through Improper handling of VMIO|VMPFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still...
MiracleLinux 7 : httpd-2.4.6-99.1.0.8.el7.AXS7 (AXSA:2025-10561:05)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10561:05 advisory. CVE-2020-35452: modauthdigest: Fix single zero byte stack overflow CVE-2006-20001: moddav: out-of-bounds read/write CVEs: CVE-2020-35452 Apache HTT...
PT-2026-1082
Name of the Vulnerable Software and Affected Versions QNAP versions prior to QTS 5.2.7.3256 build 20250913 QNAP versions prior to QuTS hero h5.2.7.3256 build 20250913 QNAP versions prior to QuTS hero h5.3.1.3250 build 20250912 Description A use of externally-controlled format string vulnerability...
CVE-2025-14303
MSI MSI motherboards (Intel 600/700 series chipsets) are affected by CVE-2025-14303, a protection mechanism failure where IOMMU is not correctly initialized during early boot. This allows a DMA-capable PCIe device with physical access to read or modify arbitrary memory before the OS kernel and se...
ASRock Motherboards 安全漏洞
ASRock Motherboards is a series of motherboards from ASRock Taiwan, China. A security vulnerability exists in ASRock Motherboards, which stems from IOMMU not being properly enabled, which could allow an unauthenticated physical attacker to read or write arbitrary physical memory before the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414651)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414651 advisory. An issue was discovered in Linux: KVM through Improper handling of VMIO|VMPFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still...
Linux Distros Unpatched Vulnerability : CVE-2021-36133
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure Wor...
TencentOS Server 2: httpd (TSSA-2025:0526)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0526 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2019-9813
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect handling of proto mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This...
CVE-2025-27021
The misconfiguration in the sudoers configuration of the operating system in Infinera G42 version R6.1.3 allows low privileged OS users to read/write physical memory via devmem command line tool. This could allow sensitive information disclosure, denial of service, and privilege escalation by...
SUSE-SU-2025:01883-1 Security update for libjxl
This update for libjxl fixes the following issues: - CVE-2024-11403: Fix out of bounds memory read/write in libjxl bsc1233768...
kernel: vsock: Keep the binding until socket destruction
A flaw was found in the Linux kernel's virtual socket protocol network driver, where an improperly timed socket unbinding could result in a use-after-free issue. This flaw allows an attacker who can create and destroy arbitrary connections on virtual connections to read or modify system memory,...