72 matches found
Scaling Decentralized Learning with FLock
Fine-tuning the large language models LLMs are prevented by the deficiency of centralized control and the massive computing and communication overhead on the decentralized schemes. While the typical standard federated learning FL supports data privacy, the central server requirement creates a...
PolyGuard: Massive Multi-Domain Safety Policy-Grounded Guardrail Dataset
Whitepaper called PolyGuard: Massive Multi-Domain Safety Policy-Grounded Guardrail Dataset...
Check Point Multi-Domain Security Management 安全漏洞
Check Point Multi-Domain Security Management is a centralized management solution from Check Point Israel for large-scale distributed environments with many discrete network segments. A security vulnerability exists in Check Point Multi-Domain Security Management, which stems from the possibility...
MAL-2024-10889 Malicious code in webpack-support-multi-domain-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware df28dfaede54bce66eb7320e580118358e8db8869c014298d0a7abb4a0e43497 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
[SECURITY] Fedora 39 Update: rust-scx_rusty-0.5.4-2.fc39
A multi-domain, BPF / user space hybrid scheduler used within schedext, which is a Linux kernel feature which enables implementing kernel thread schedulers in BPF and dynamically loading them. https://github.com/sched-ext/scx/tree/main...
sssd bug fix update
An update is available for sssd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The System Security Services Daemon SSSD service provides a set of daemons to...
Medium: nginx
Issue Overview: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can...
Amazon Linux 2023 : vsftpd (ALAS2023-2023-019)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-019 advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates...
K26738102: BIG-IP APM SSO vulnerability CVE-2016-3687
Security Advisory Description Insufficient validation of the SSOORIGURI parameter occurs when using multi-domain single sign-on SSO. CVE-2016-3687 Impact An attacker may be able to tamper with the URL used to redirect the user in a multi-domain SSO environment by using BIG-IP APM. Systems that do...
K000132639: ALPACA: TLS vulnerability CVE-2021-3618
Security Advisory Description ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP...
Access Restriction Bypass
nginx is vulnerable to access restriction bypass. The vulnerability exists because TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates which allows an attacker to gain access to the system and perform unauthorized actions...
ALPACA is an application layer protocol content confusion attack exploiting TLS servers implementing different protocols but using compatible certificates such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
...
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...
AZL-9220 CVE-2021-3618 affecting package sendmail 8.15.2-46
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...
AZL-9190 CVE-2021-3618 affecting package vsftpd for versions less than 3.0.5-1
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...
UBUNTU-CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...
ROS-20220125-08
The Sendmail mail transfer agent vulnerability is related to a logical error in the TLS implementation when working with different protocols but using compatible certificates such as multi-domain or wildcard certificates. wildcard certificates. Exploitation of the vulnerability could allow an...
ROS-20220125-02
Nginx web server vulnerability is related to a logical error in TLS implementation when working with different protocols but using compatible certificates, such as multi-domain or wildcard certificates. certificates. Exploitation of the vulnerability could allow an attacker acting remotely to...