BIT-MONGODB-2025-6706 Running certain aggregation operations with the SBE engine may lead to unexpected behavior on MongoDB Server

An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected versions by issuing an aggregation framework operation using a specific...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from failure to remove the drm bridge during aggregation driver uninstallation, which could lead to reuse after...

Linux Distros Unpatched Vulnerability : CVE-2025-6706

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have...

Linux Distros Unpatched Vulnerability : CVE-2024-8654

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage. This...

net/mlx5: Reload only IB representors upon lag disable/enable

...

Linux Distros Unpatched Vulnerability : CVE-2021-32037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually,...

Linux Distros Unpatched Vulnerability : CVE-2024-5660

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of Hardware Page Aggregation HPA and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1,...

On the Security and Privacy of Federated Learning: a Survey with Attacks, Defenses, Frameworks, Applications, and Future Directions

Federated Learning FL is an emerging distributed machine learning paradigm enabling multiple clients to train a global model collaboratively without sharing their raw data. While FL enhances data privacy by design, it remains vulnerable to various security and privacy threats. This survey provide...

Linux Distros Unpatched Vulnerability : CVE-2021-32040

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of th...

Developing a Transferable Federated Network Intrusion Detection System

Intrusion Detection Systems IDS are a vital part of a network-connected device. In this paper, we develop a deep learning based intrusion detection system that is deployed in a distributed setup across devices connected to a network. Our aim is to better equip deep learning models against unknown...

MADPromptS: Unlocking Zero-Shot Morphing Attack Detection with Multiple Prompt Aggregation

Face Morphing Attack Detection MAD is a critical challenge in face recognition security, where attackers can fool systems by interpolating the identity information of two or more individuals into a single face image, resulting in samples that can be verified as belonging to multiple identities by...

Linux Distros Unpatched Vulnerability : CVE-2022-50002

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5: LAG, fix logic over MLX5LAGFLAGNDEVSREADY Only set MLX5LAGFLAGNDEVSREADY if both netdevices are registered. Doing so guarantees that both...

Per-Element Secure Aggregation against Data Reconstruction Attacks in Federated Learning

Federated learning FL enables collaborative model training without sharing raw data, but individual model updates may still leak sensitive information. Secure aggregation SecAgg mitigates this risk by allowing the server to access only the sum of client updates, thereby concealing individual...

From Split to Share: Private Inference with Distributed Feature Sharing

Cloud-based Machine Learning as a Service MLaaS raises serious privacy concerns when handling sensitive client data. Existing Private Inference PI methods face a fundamental trade-off between privacy and efficiency: cryptographic approaches offer strong protection but incur high computational...

Linux Distros Unpatched Vulnerability : CVE-2023-52611

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: sdio: Honor the host maxreqsize in the RX path Lukas reports skboverpanic error...

Experimental Evaluation of Post-Quantum Homomorphic Encryption for Privacy-Preserving V2X Communication

Intelligent Transportation Systems ITS fundamentally rely on vehicle-generated data for applications such as congestion monitoring and route optimization, making the preservation of user privacy a critical challenge. Homomorphic Encryption HE offers a promising solution by enabling computation on...

MongoDB 6.0.x < 6.0.21 / 7.0.x < 7.0.17 / 8.0.x < 8.0.4 Unexpected Behavior (SERVER-106746)

The version of MongoDB installed on the remote host is 6.0 prior to 6.0.21, 7.0 prior to 7.0.17 and 8.0 prior to 8.0.4. It is, therefore, affected by a vulnerability as referenced in the SERVER-106746 advisory. - An authenticated user may trigger a use after free that may result in MongoDB Server...

MongoDB 6.0.x < 6.0.22 / 7.0.x < 7.0.20 / 8.0.x < 8.0.7 Privilege Escalation (SERVER-106752)

The version of MongoDB installed on the remote host is 6.0 prior to 6.0.22, 7.0 prior to 7.0.20 and 8.0 prior to 8.0.7. It is, therefore, affected by a vulnerability as referenced in the SERVER-106752 advisory. - An unauthorized user may leverage a specially crafted aggregation pipeline to access...

CVE-2025-38477 net/sched: sch_qfq: Fix race condition on qfq_aggregate

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix race condition on qfqaggregate A race condition can occur when 'agg' is modified in qfqchangeagg called during qfqenqueue while other threads access it concurrently. For example, qfqdumpclass may trigger a...

DP2Guard: a Lightweight and Byzantine-Robust Privacy-Preserving Federated Learning Scheme for Industrial IoT

Privacy-Preserving Federated Learning PPFL has emerged as a secure distributed Machine Learning ML paradigm that aggregates locally trained gradients without exposing raw data. To defend against model poisoning threats, several robustness-enhanced PPFL schemes have been proposed by integrating...