CVE-2024-21671

The CVE-2024-21671 entry describes a username timing attack in the vantage6 login flow. Attackers could infer valid usernames from login response timing, aiding credential-based attacks. The issue is documented for vantage6 and is addressed by upgrading to version 4.2.0, which patches the vulnera...

CVE-2024-21671 vantage6 username timing attack

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this...

CVE-2024-21671 vantage6 username timing attack

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this...

CVE-2024-21653 vantage6 insecure SSH configuration for node and server containers

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...

CVE-2024-21653 vantage6 insecure SSH configuration for node and server containers

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...

CVE-2024-21653 vantage6 insecure SSH configuration for node and server containers

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...

CVE-2024-21649 Remote code execution

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is...

CVE-2024-21649

The CVE-2024-21649 issue affects the vantage6 framework. Affected: vantage6 before version 4.2.0 where authenticated users could inject code into algorithm environment variables, enabling remote code execution. Impact is described as high in CVE metrics (C/H/I/H/A/H) with network attack vector an...

CVE-2024-21649 Remote code execution

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is...

vantage6 Security Vulnerabilities

vantage6 is a vantage6 open source priVAcy preserviNg federalTed leArningG infrastructure for Secure Insight eXchange. A security vulnerability previously existed in vantage6 version 4.2.0 that stemmed from an authenticated user being able to inject code into an algorithmic environment variable...

vantage6 Security Vulnerabilities

vantage6 is vantage6 open source an open source priVAcy preserviNg federalTed leArningG infrastructure for Secure Insight eXchange. A security vulnerability previously existed in vantage6 version 4.2.0 that stemmed from the ability to find out a username from the response time of a login request...

vantage6 安全漏洞

vantage6 is vantage6 open source an open source priVAcy preserviNg federalTed leArningG infrastructure for Secure Insight eXchange. A security vulnerability exists in vantage that stems from the fact that input is not checked to see if it is encrypted if the task is created in encrypted...

TemporAI Code Issue Vulnerability

TemporAI is a machine learning-centered medical time series library open-sourced by vanderSchaar LAB. A code issue vulnerability exists in vanderSchaar LAB TemporAI version 0.0.3, which stems from an incorrect operation that can lead to deserialization...

Poisoning AI Models

New research into poisoning AI models: The researchers first trained the AI models using supervised learning and then used additional "safety training" methods, including more supervised learning, reinforcement learning, and adversarial training. After this, they checked if the AI still had hidde...

Design/Logic Flaw

Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f...

CVE-2024-22209 XBlock custom auth does not respect JWT Scopes

Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f...

Exploit for Server-Side Request Forgery in Apache Ofbiz

BadBizness Automatic exploitation scrip...

portal.learningally.org Cross Site Scripting vulnerability OBB-3830154

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

The vulnerability of the software for working with Azure Machine Learning algorithms lies in the lack of protection for service data, which allows a malicious actor to gain unauthorized access to the device.

The vulnerability of the software for working with Azure Machine Learning algorithms is related to the lack of protection for operational data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the device...

Rapid7’s Data-Centric Approach to AI in Belfast

Authored by Stuart Millar and Ryan Wilson. Rapid7 has expanded significantly in Belfast since establishing a presence back in 2014, resulting in the company's largest R&D hub outside the US with over 350 people spread across eight floors in our Chichester Street office. There is a wide range of...