AAmiles 安全漏洞

AAmiles is a machine learning project scanner. AAmiles suffers from a security vulnerability. An attacker exploited the vulnerability to access sensitive user information and digital currency keys, as well as to elevate privileges...

Microsoft Defender for Office 365 receives highest award in SE Labs Enterprise Email Security Services test

In today’s evolving threat landscape, email represents the primary attack vector for cybercrime, making effective email protection a key component of any security strategy.1 In Q1 2022, Microsoft participated in an evaluation of email security solutions, carried out by SE labs—a testing lab focus...

Microsoft Defender for Office 365 receives highest award in SE Labs Enterprise Email Security Services test

In today’s evolving threat landscape, email represents the primary attack vector for cybercrime, making effective email protection a key component of any security strategy.1 In Q1 2022, Microsoft participated in an evaluation of email security solutions, carried out by SE labs—a testing lab focus...

registration.cheetahlearning.com Cross Site Scripting vulnerability OBB-2662759

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Malicious code in azure-arm-machinelearningexperimentation-samples-js-beta (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0134bbb1c3b162bd3ff1a31eb6f15b75ec14670f2808ebd5adcd62a2ae21d7c1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-1250 Malicious code in azure-arm-machinelearningexperimentation-samples-js-beta (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0134bbb1c3b162bd3ff1a31eb6f15b75ec14670f2808ebd5adcd62a2ae21d7c1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in azure-arm-machinelearningexperimentation-samples-ts-beta (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 28e960d07673497cdac69a46cac88d71047e5c8b724995837b47b34b8ccc828e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-1251 Malicious code in azure-arm-machinelearningexperimentation-samples-ts-beta (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 28e960d07673497cdac69a46cac88d71047e5c8b724995837b47b34b8ccc828e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2020-25459

An issue was discovered in function synctree in heterodecisiontreeguest.py in WeBank FATE Federated AI Technology Enabler 0.1 through 1.4.2 allows attackers to read sensitive information during the training process of machine learning joint modeling...

Design/Logic Flaw

An issue was discovered in function synctree in heterodecisiontreeguest.py in WeBank FATE Federated AI Technology Enabler 0.1 through 1.4.2 allows attackers to read sensitive information during the training process of machine learning joint modeling...

CVE-2020-25459

CVE-2020-25459 affects WeBank FATE (Federated AI Technology Enabler) versions 0.1–1.4.2, via the function sync_tree in hetero_decision_tree_guest.py, allowing an attacker to read sensitive information during training. Connected advisories corroborate the issue and note patches in affected project...

Attacking the Performance of Machine Learning Systems

Interesting research: "Sponge Examples: Energy-Latency Attacks on Neural Networks": Abstract: The high energy costs of neural network training and inference led to the use of acceleration hardware such as GPUs and TPUs. While such devices enable us to train large-scale neural networks in...

PacketStreamer - Distributed Tcpdump For Cloud Native Environments

Deepfence PacketStreamer is a high-performance remote packet capture and collection tool. It is used by Deepfence's ThreatStryker security observability platform to gather network traffic on demand from cloud workloads for forensic analysis. Primary design goals: Stay light, capture and stream, n...

Idea LMS SQL注入漏洞

Idea LMS is a CMS. A SQL injection vulnerability exists in Idea LMS version 2022, which can be exploited by an attacker to execute illegal SQL commands to steal sensitive database data...

NVIDIA DGX 缓冲区错误漏洞

NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. The NVIDIA DGX A100 suffers from a buffer error vulnerability that originates from accessing an uninitialized pointer to SBIOS in Ofbd. An attacker could exploit this vulnerability to execute arbitrary code o...

NVIDIA DGX 输入验证错误漏洞

NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. An input validation error vulnerability exists in NVIDIA DGX A100, which stems from incorrect validation of the SBIOS array index in IpSecDxe. An attacker could exploit this vulnerability to execute arbitrary...

Security Bulletin: Watson Machine Learning Accelerator is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Summary Watson Machine Learning Accelerator is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast t...

The Forecast Is Flipped: Flipping L&D Enables Managers to Be Impact Multipliers

At Rapid7, we recognize that managers are at the heart of our mission and are central to optimizing the potential of our people. So naturally, focusing on the growth and development of our manager population became critical to productivity, engagement, retention, and creating strong teams, as wel...

[SECURITY] Fedora 35 Update: moodle-3.11.7-1.fc35

Moodle is a course management system CMS - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities...

[SECURITY] Fedora 36 Update: moodle-3.11.7-1.fc36

Moodle is a course management system CMS - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities...