4172 matches found
PYSEC-2023-196
vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. Version...
Default configuration
vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. Version...
CVE-2023-23930 vantage6's Pickle serialization is insecure
vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. Version...
CVE-2023-23930
The CVE-2023-23930 entry concerns vantage6, a privacy-preserving federated learning platform. Versions before 4.0.0 default to Python pickle for serialization, which has known security issues; all users posting tasks with the default serialization are affected. A patch exists in version 4.0.0 tha...
CVE-2023-23930 vantage6's Pickle serialization is insecure
vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. Version...
CVE-2023-23930 vantage6's Pickle serialization is insecure
vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. Version...
vantage6 Code Issue Vulnerability
vantage6 is a vantage6 open source priVAcy preserviNg federalTed leArningG infrastructure for Secure Insight eXchange. A code issue vulnerability exists in vantage6 versions prior to 4.0.0 that stems from the use of pickle as the default serialization module...
Security Bulletin: Due to the use of XStream, IBM Tivoli Netcool Configuration Manager is vulnerable to Denial of Service (DoS) attacks
Summary XStream is used in ITNCM to serialize XML data and may be vulnerable to Denial of Service attacks DoS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by causing a stackoverflow. This effect may support a denial of service...
Security Bulletin: Multiple vulnerabilities in Apache Camel core affect IBM Application Performance Management products
Summary Apache Camel core is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2014-0002 DESCRIPTION: Apache Camel could allow a remote attacker to obtain sensitive information, caused by an error in t...
Security Bulletin: Due to use of IBM® SDK Java™ Technology Edition, IBM Workload Scheduler is vulnerable to an unspecified vulnerability.
Summary IBM® SDK Java™ Technology Edition is used by IBM Workload Scheduler. CVE-2023-21830, CVE-2023-21843 Vulnerability Details CVEID:CVE-2023-21830 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component could allow a remote attacker to cause a denial of...
[SECURITY] Fedora 39 Update: rubygem-activemodel-7.0.7.2-1.fc39
A toolkit for building modeling frameworks like Active Record. Rich support for attributes, callbacks, validations, serialization, internationalization, and testing...
OESA-2023-1650 openjdk-latest security update
The OpenJDK runtime environment. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily...
OESA-2023-1646 openjdk-1.8.0 security update
The OpenJDK runtime environment 8. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily...
OESA-2023-1643 openjdk-1.8.0 security update
The OpenJDK runtime environment 8. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily...
OESA-2023-1642 openjdk-1.8.0 security update
The OpenJDK runtime environment 8. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily...
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...
CVE-2023-4314
The wpDataTables WordPress plugin prior to version 2.1.66 fails to validate the input for the Serialized PHP array before deserialization, enabling an admin-assisted PHP object injection that may lead to remote code execution if a gadget chain exists. Affected software: wpDataTables
OESA-2023-1601 openjdk-latest security update
The OpenJDK runtime environment. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily...
OESA-2023-1602 openjdk-latest security update
The OpenJDK runtime environment. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily...
OESA-2023-1603 openjdk-latest security update
The OpenJDK runtime environment. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily...