9239 matches found
PYSEC-2024-34
The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...
CVE-2024-22200 vantage6-UI docker image leaks software version information
vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0...
CVE-2024-22200
Summary: CVE-2024-22200 affects vantage6-UI where the docker image leaks the nginx version, potentially enabling information disclosure. The issue is described in a Red Hat/PT Security entry as a broader vulnerability in the vantage6-UI interface with insufficient protection of service data, allo...
CVE-2024-21653 vantage6 insecure SSH configuration for node and server containers
The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...
CVE-2024-21653
The CVE-2024-21653 entry concerns the vantage6 architecture where node/server containers expose SSH with root login and password authentication by default. The root cause is an insecure default SSH configuration rather than a flaw in core logic, and the described mitigation is to remove the SSH p...
vantage6 Information Disclosure Vulnerability
vantage6 is an open source priVAcy preserviNg federaTed leArninG infrastructure for Secure Insight eXchange. An information disclosure vulnerability exists in vantage6-UI that stems from the docker image used to run the UI disclosing the nginx version...
PT-2024-19000 · Vantage6 · Vantage6
Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.2.0 Description: The vantage6 technology is used to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. By default, nodes and servers receive an ssh config...
The vulnerability of the official interface for developing container applications in Plone Docker exists due to the lack of measures to neutralize special elements. This allows a hacker to execute arbitrary code.
The vulnerability of the official Plone Docker image exists because measures to neutralize special elements have not been taken. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by injecting code into the HOST header...
Exploit for Path Traversal in Jenkins
CVE-2024-23897 CVE-2024-23897 - Arbitrary file read vulne...
CVE-2024-23055
An issue in Plone Docker Official Image 5.2.13 5221 open-source software allows for remote code execution via improper validation of input by the HOST headers...
Remote code execution
An issue in Plone Docker Official Image 5.2.13 5221 open-source software allows for remote code execution via improper validation of input by the HOST headers...
Internet Bug Bounty: Denial of Service caused by HTTP/2 CONTINUATION Flood
A denial of service vulnerability was discovered in Apache Tomcat versions 11.0.0-M1 to 11.0.0-M16, 10.1.0-M1 to 10.1.18, 9.0.0-M1 to 9.0.85, and 8.5.0 to 8.5.98. The vulnerability was caused by the way Tomcat processed HTTP/2 requests that exceeded configured limits for headers. A fix was releas...
Exploit for Injection in Atlassian Confluence_Data_Center
CVE-2023-22527: Atlassian Confluence Vulnerability Introdu...
PT-2024-1348
Name of the Vulnerable Software and Affected Versions: Plone Docker Official Image version 5.2.13 5221 Description: The issue allows for remote code execution via improper validation of input by the HOST headers. This can be exploited by an attacker to execute arbitrary code by injecting code into...
CVE-2024-23055
Plone Docker Official Image 5.2.13 (5221) is vulnerable to Host Header Injection due to improper validation of input by the HOST headers. The Nuclei template describes this issue as enabling Cross-Site Scripting when a malicious Host header is reflected in the response, with the broader impact no...