7047 matches found

OSV
added 2023/10/11 7:21 p.m. · 18 views

CVE-2023-28635 Defining resource name as integer in vantage6 may give unintended access

vantage6 is privacy-preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see by creating resources with integers as names. One example where this is a risk is when users define which users are allowed to...

5.4 CVSS · 5.4 AI score · 0.00402 EPSS
Exploits 0 · References 5

NVD
added 2023/10/11 6:15 p.m. · 33 views

CVE-2023-23930

vantage6 is privacy-preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issues, as a default serialization module. All users of vantage6 that post tasks with the default serialization are affected. Version...

7.2 CVSS · 6 AI score · 0.00892 EPSS
Exploits 1 · References 4

Prion
added 2023/10/11 6:15 p.m. · 15 views

Default configuration

vantage6 is privacy-preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issues, as a default serialization module. All users of vantage6 that post tasks with the default serialization are affected. Version...

5.8 CVSS · 6.9 AI score · 0.00892 EPSS
Exploits 1 · References 4 · Affected Software 1

PyPA
added 2023/10/11 6:15 p.m. · 4 views

PYSEC-2023-196

vantage6 is privacy-preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issues, as a default serialization module. All users of vantage6 that post tasks with the default serialization are affected. Version...

7.2 CVSS · 6.8 AI score · 0.00892 EPSS
Exploits 1 · References 5 · Affected Software 1

OSV
added 2023/10/11 6:15 p.m. · 36 views

PYSEC-2023-196

vantage6 is privacy-preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issues, as a default serialization module. All users of vantage6 that post tasks with the default serialization are affected. Version...

7.2 CVSS · 5.9 AI score · 0.00892 EPSS
Exploits 1 · References 4

CVE
added 2023/10/11 5:39 p.m. · 103 views

CVE-2023-23930

The CVE-2023-23930 entry concerns vantage6, a privacy-preserving federated learning platform. Versions before 4.0.0 default to Python pickle for serialization, which has known security issues; all users posting tasks with the default serialization are affected. A patch exists in version 4.0.0 tha...

7.2 CVSS · 6.1 AI score · 0.00892 EPSS
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2023/10/11 12:0 a.m. · 4 views

PT-2023-28141 · Vantage6 · Vantage6

Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.0.0. Description: vantage6 is privacy-preserving federated learning infrastructure. The endpoint "/api/collaboration/id/task" is used to collect all tasks from a certain collaboration. To get such tasks, a user...

5.4 CVSS · 4.5 AI score · 0.004 EPSS
Exploits 0 · References 15

hivepro
added 2023/10/09 7:24 a.m. · 21 views

Cracking ShellTorch Vulnerabilities Exposing TorchServe to RCE

Vulnerability report. Summary: A trio of security vulnerabilities, dubbed ShellTorch, in the open-source machine-learning model TorchServe, a tool for serving and scaling PyTorch models, could be chained to achieve remote code...

7.7 AI score
Exploits 0

OSV
added 2023/10/06 3:15 p.m. · 1 view

CVE-2023-40607

Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions...

8.8 CVSS · 7.3 AI score · 0.00214 EPSS
Exploits 0 · References 1

CVE
added 2023/10/06 2:51 p.m. · 61 views

CVE-2023-40607

CVE-2023-40607 is a CSRF vulnerability in the WordPress plugin CLUEVO LMS, E-Learning Platform, affecting versions ≤ 1.10.0. The issue could enable an unauthenticated attacker to trigger actions on behalf of a user; remediation is to upgrade to version 1.11.0 or newer. Public sources show vary...

8.8 CVSS · 6.5 AI score · 0.00214 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/10/06 2:51 p.m. · 12 views

CVE-2023-40607 WordPress CLUEVO LMS, E-Learning Platform Plugin <= 1.10.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions...

4.3 CVSS · 7.4 AI score · 0.00214 EPSS
Exploits 0 · References 1

Cvelist
added 2023/10/06 2:51 p.m. · 23 views

CVE-2023-40607 WordPress CLUEVO LMS, E-Learning Platform Plugin <= 1.10.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions...

4.3 CVSS · 9 AI score · 0.00214 EPSS
Exploits 0 · References 1

CNNVD
added 2023/10/06 12:0 a.m. · 3 views

WordPress Plugin CLUEVO LMS, E-Learning Platform Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8 CVSS · 6.5 AI score · 0.00214 EPSS
Exploits 0 · References 2

HackRead
added 2023/10/03 6:5 p.m. · 23 views

ShellTorch Attack Exposes Millions of PyTorch Systems to RCE Vulnerabilities

By Waqas. Dubbed ShellTorch by researchers, these PyTorch vulnerabilities are troubling for the artificial intelligence (AI) and machine learning (ML) community. This is a post from HackRead.com. Read the original post: ShellTorch Attack Exposes Millions of PyTorch Systems to RCE Vulnerabilities...

7.1 AI score
Exploits 0

Openbugbounty
added 2023/09/30 3:39 p.m. · 11 views

lumoslearning.com Cross Site Scripting vulnerability OBB-3713697

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1 AI score
Exploits 0

NVD
added 2023/09/21 5:15 p.m. · 12 views

CVE-2023-42807

Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the main branch. Users won't face this issue if they are using the latest main branch of the app...

9.8 CVSS · 7.5 AI score · 0.00348 EPSS
Exploits 0 · References 1

CVE
added 2023/09/21 4:37 p.m. · 91 views

CVE-2023-42807

CVE-2023-42807 affects Frappe LMS prior to the latest main branch. The vulnerability is an SQL injection in the People Page of the LMS (versions 1.0.0 and earlier). Root cause: unsafely constructed SQL on the People Page allowing data extraction/manipulation. Impact: high across confidentiality, ...

9.8 CVSS · 8.4 AI score · 0.00348 EPSS
Exploits 0 · References 1 · Affected Software 1

Wiz blog
added 2023/09/21 2:5 p.m. · 20 views

Wiz launches support for Amazon SageMaker, helping organizations innovate faster and more securely with AI

Wiz helps accelerate the machine learning journey for practitioners by protecting their generative AI applications...

7 AI score
Exploits 0

CNNVD
added 2023/09/21 12:0 a.m. · 3 views

Frappe Technologies Frappe SQL Injection Vulnerability

Frappe Technologies Frappe is a Python- and MariaDB-based web development framework with integrated front-end pages from Frappe Technologies, India. A SQL injection vulnerability exists in Frappe LMS 1.0.0 and prior versions, which stems from a SQL injection vulnerability in the People Page...

9.8 CVSS · 7.7 AI score · 0.00348 EPSS
Exploits 0 · References 3

CNNVD
added 2023/09/20 12:0 a.m. · 4 views

NVIDIA DGX Input Validation Error Vulnerability

NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. A security vulnerability exists in the NVIDIA DGX H100 BMC that stems from incorrect input validation...

8.8 CVSS · 6.8 AI score · 0.00566 EPSS
Exploits 0 · References 2