CVE-2024-36486

A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 55740. When an archived virtual machine is restored, the prlvmarchiver tool decompresses the file and writes the content back to its original location...

CVE-2024-36486

A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 55740. When an archived virtual machine is restored, the prlvmarchiver tool decompresses the file and writes the content back to its original location...

CVE-2024-53010 Improper Access Control in Core

Memory corruption may occur while attaching VM when the HLOS retains access to VM...

CVE-2024-53010

CVE-2024-53010 describes a memory-corruption issue that can occur when attaching a VM if the Host OS retains access to the VM. The connected sources indicate this affects Qualcomm Snapdragon/closed‑source components and is categorized as high severity (CVSS v3.1: 7.8, Local, Privileges Required: ...

A Review of Various Datasets for Machine Learning Algorithm-Based Intrusion Detection System: Advances and Challenges

IDS aims to protect computer networks from security threats by detecting, notifying, and taking appropriate action to prevent illegal access and protect confidential information. As the globe becomes increasingly dependent on technology and automated processes, ensuring secured systems,...

Parallels Desktop 安全漏洞

Parallels Desktop is a suite of virtual machine software for the macOS platform from US-based Parallels, Inc. A security vulnerability exists in Parallels Desktop for Mac version 20.1.1, which stems from a hard-link issue in the Virtual Machine Archive Recovery feature that could lead to elevated...

Fingerprinting Deep Learning Models Via Network Traffic Patterns in Federated Learning

Federated Learning FL is increasingly adopted as a decentralized machine learning paradigm due to its capability to preserve data privacy by training models without centralizing user data. However, FL is susceptible to indirect privacy breaches via network traffic analysis-an area not explored in...

A Systematic Review of Metaheuristics-Based and Machine Learning-Driven Intrusion Detection Systems in IoT

The widespread adoption of the Internet of Things IoT has raised a new challenge for developers since it is prone to known and unknown cyberattacks due to its heterogeneity, flexibility, and close connectivity. To defend against such security breaches, researchers have focused on building...

ConnectWise ScreenConnect Improper Authentication Vulnerability

ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised...

Robust and Verifiable MPC with Applications to Linear Machine Learning Inference

In this work, we present an efficient secure multi-party computation MPC protocol that provides strong security guarantees in settings with dishonest majority of participants who may behave arbitrarily. Unlike the popular MPC implementation known as SPDZ Crypto '12, which only ensures security wi...

GHSA-G9F5-X53J-H563 Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server

Summary A security vulnerability has been identified in go-gh where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URLs provided by GitHub with local file paths for browsing. Details The GitHub CLI and CLI...

VulnCheck KEV: CVE-2025-3935

ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised...

CHIP: Chameleon Hash-Based Irreversible Passport for Robust Deep Model Ownership Verification and Active Usage Control

The pervasion of large-scale Deep Neural Networks DNNs and their enormous training costs make their intellectual property IP protection of paramount importance. Recently introduced passport-based methods attempt to steer DNN watermarking towards strengthening ownership verification against...

DaaS - Change master image it fails with "ProvisioningTaskError"

Unable to update DaaS Machine Catalog - Access Machine Catalog "Change master image" it fails with "ProvisioningTaskError" ErrorMessage - HandleExplicitStorage Failed Error retrieving item from path ""...

Adversarial Machine Learning for Robust Password Strength Estimation

Passwords remain one of the most common methods for securing sensitive data in the digital age. However, weak password choices continue to pose significant risks to data security and privacy. This study aims to solve the problem by focusing on developing robust password strength estimation models...

Adaptive Privacy-Preserving SSD

Data remanence in NAND flash complicates complete deletion on IoT SSDs. We design an adaptive architecture offering four privacy levels PL0-PL3 that select among address, data, and parity deletion techniques. Quantitative analysis balances efficacy, latency, endurance, and cost. Machine-learning...

ConnectWise ScreenConnect < 25.2.4 RCE

According to its version, the ConnectWise ScreenConnect remote access software installed on the remote host is prior to 25.2.4. It is, therefore affected by a remote code execution vulnerability: - ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection...

After updating MCS Catalog no changes are made to the VMs in the catalog

MCS catalog can be updated with a new master image with no errors. Howver when the VMs are rebooted from the DAAS console the VMS are not updated with the new image...

Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization

A vulnerability in Gladinet CentreStack and Triofox application using hardcoded cryptographic keys for ViewState could allow an attacker to forge ViewState data. This can lead to unauthorized actions such as remote code execution. Both applications make use of a hardcoded machineKey in the IIS...

SUSE-SU-2025:20349-1 Security update for kernel-livepatch-MICRO-6-0_Update_3

This update for kernel-livepatch-MICRO-6-0Update3 fixes the following issues: - CVE-2024-53042: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow bsc1233678 - CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847 - CVE-2024-50115: KVM: nSV...