Lucene search
K

128 matches found

CVE
CVE
added 2026/04/01 4:59 p.m.16 views

CVE-2026-34159

The CVE-2026-34159 entry for llama.cpp describes an unauthenticated RCE via the RPC backend: prior to v.b8492, deserialize_tensor() omits bounds validation when tensor.buffer == 0, enabling an attacker to read/write arbitrary process memory through crafted GRAPH_COMPUTE messages. Combined with AL...

9.8CVSS6.2AI score0.01126EPSS
Exploits2References3Affected Software1
Debian CVE
Debian CVE
added 2026/04/01 4:59 p.m.5 views

CVE-2026-34159

llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPHCOMPUTE messages. Combined...

9.8CVSS6.4AI score0.01126EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.4 views

PT-2026-29570

Name of the Vulnerable Software and Affected Versions llama.cpp versions prior to b8492 Description A logic bug in the RPC backend's deserialize tensor function allows an unauthenticated attacker to read and write arbitrary process memory. This occurs because bounds validation is skipped when a...

9.8CVSS6.3AI score0.01126EPSS
Exploits2References24
NVD
NVD
added 2026/03/03 6:16 p.m.15 views

CVE-2026-3437

An improper restriction of operations within the bounds of a memory buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this...

9.3CVSS0.00159EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.7 views

Portwell Engineering Toolkits 缓冲区错误漏洞

Portwell Engineering Toolkits is a software development and management toolkit developed by Portwell Company in Singapore. Version 4.8.2 of Portwell Engineering Toolkits contains a buffer error vulnerability. This vulnerability stems from improper restrictions on memory buffer operations, which m...

9.3CVSS6.1AI score0.00159EPSS
Exploits1References2
Kaspersky
Kaspersky
added 2026/02/23 12:0 a.m.6 views

KLA90899 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Out of bounds memory read vulnerability in Media can be exploited to cause denial of service. 2. Out of bounds memory...

9.8CVSS5.7AI score0.0034EPSS
Exploits0References3
NVD
NVD
added 2026/01/22 5:16 p.m.6 views

CVE-2026-23763

VB-Audio Matrix and Matrix Coconut versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively, contain a local privilege escalation vulnerability in the VBMatrix VAIO virtual audio driver vbmatrixvaio64win10.sys. The driver allocates a 128-byte non-paged pool buffer and, upon receiving IOCT...

8.5CVSS0.0016EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 9 : dpdk-21.11.2-1.el9 (AXSA:2023-5000:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5000:03 advisory. dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs CVE-2022-2132 DPDK: out-of-bounds read/write in...

8.6CVSS5.6AI score0.0188EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001340)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001340 advisory. An issue was discovered in Linux: KVM through Improper handling of VMIO|VMPFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still...

8.7CVSS6.6AI score0.0066EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.6 views

MiracleLinux 7 : httpd-2.4.6-99.1.0.8.el7.AXS7 (AXSA:2025-10561:05)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10561:05 advisory. CVE-2020-35452: modauthdigest: Fix single zero byte stack overflow CVE-2006-20001: moddav: out-of-bounds read/write CVEs: CVE-2020-35452 Apache HTT...

7.5CVSS7.7AI score0.53191EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.8 views

PT-2026-1082

Name of the Vulnerable Software and Affected Versions QNAP versions prior to QTS 5.2.7.3256 build 20250913 QNAP versions prior to QuTS hero h5.2.7.3256 build 20250913 QNAP versions prior to QuTS hero h5.3.1.3250 build 20250912 Description A use of externally-controlled format string vulnerability...

6.5CVSS6.7AI score0.00285EPSS
Exploits0References5
CVE
CVE
added 2025/12/17 3:13 a.m.24 views

CVE-2025-14303

MSI MSI motherboards (Intel 600/700 series chipsets) are affected by CVE-2025-14303, a protection mechanism failure where IOMMU is not correctly initialized during early boot. This allows a DMA-capable PCIe device with physical access to read or modify arbitrary memory before the OS kernel and se...

7CVSS6.4AI score0.00314EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.6 views

ASRock Motherboards 安全漏洞

ASRock Motherboards is a series of motherboards from ASRock Taiwan, China. A security vulnerability exists in ASRock Motherboards, which stems from IOMMU not being properly enabled, which could allow an unauthenticated physical attacker to read or write arbitrary physical memory before the...

7CVSS6.8AI score0.00311EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.6 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414651)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414651 advisory. An issue was discovered in Linux: KVM through Improper handling of VMIO|VMPFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still...

8.7CVSS6.6AI score0.0066EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-36133

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure Wor...

7.1CVSS7.2AI score0.0026EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/11 12:0 a.m.13 views

TencentOS Server 2: httpd (TSSA-2025:0526)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0526 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

9.8CVSS7.7AI score0.69803EPSS
Exploits2References15
Tenable Nessus
Tenable Nessus
added 2025/08/07 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-9813

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect handling of proto mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This...

8.8CVSS8.4AI score0.07387EPSS
Exploits4References2
OSV
OSV
added 2025/07/02 9:15 a.m.5 views

CVE-2025-27021

The misconfiguration in the sudoers configuration of the operating system in Infinera G42 version R6.1.3 allows low privileged OS users to read/write physical memory via devmem command line tool. This could allow sensitive information disclosure, denial of service, and privilege escalation by...

7.8CVSS5.9AI score0.00133EPSS
Exploits0References2
OSV
OSV
added 2025/06/11 5:42 a.m.1 views

SUSE-SU-2025:01883-1 Security update for libjxl

This update for libjxl fixes the following issues: - CVE-2024-11403: Fix out of bounds memory read/write in libjxl bsc1233768...

9.8CVSS6AI score0.0063EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/06/02 3:16 a.m.7 views

kernel: vsock: Keep the binding until socket destruction

A flaw was found in the Linux kernel's virtual socket protocol network driver, where an improperly timed socket unbinding could result in a use-after-free issue. This flaw allows an attacker who can create and destroy arbitrary connections on virtual connections to read or modify system memory,...

7.8CVSS7.3AI score0.00844EPSS
Exploits3References5
Rows per page
Query Builder