5 matches found
UBUNTU-CVE-2025-32801
Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...
Remote Code Execution (RCE)
vLLM is vulnerable to Remote Code Execution RCE. The vulnerability is due to insecure pickle-based serialization over unsecured ZeroMQ sockets that were exposed to all network interfaces, allows insecure pickle-based serialization over unsecured ZeroMQ sockets that were exposed to all network...
Deserialization of Untrusted Data
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the Mooncake integration. An attacker can execute arbitrary code by sending malicious payloads to a pickle base...
vLLM Vulnerable to Remote Code Execution via Mooncake Integration
Impacted Deployments Note that vLLM instances that do NOT make use of the mooncake integration are NOT vulnerable. Description vLLM integration with mooncake is vaulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were...
GHSA-HJ4W-HM2G-P6W5 vLLM Vulnerable to Remote Code Execution via Mooncake Integration
Impacted Deployments Note that vLLM instances that do NOT make use of the mooncake integration are NOT vulnerable. Description vLLM integration with mooncake is vaulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were...