Lucene search

5459 matches found

PyPA
added 2024/01/30 4:15 p.m. · 4 views

PYSEC-2024-32

The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a tas...

CVSS 4.3 · AI score 6.7 · EPSS 0.00257
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2024/01/30 3:50 p.m. · 38 views

CVE-2024-22193 vantage6 unencrypted task can be created in encrypted collaboration

The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a tas...

CVSS 3.5 · AI score 4.7 · EPSS 0.00257
Exploits 0 · References 2

Vulnrichment
added 2024/01/30 3:50 p.m. · 1 view

CVE-2024-22193 vantage6 unencrypted task can be created in encrypted collaboration

The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a tas...

CVSS 3.5 · AI score 6.6 · EPSS 0.00257
Exploits 0 · References 2

OSV
added 2024/01/30 3:50 p.m. · 40 views

CVE-2024-22193 vantage6 unencrypted task can be created in encrypted collaboration

The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a tas...

CVSS 3.5 · AI score 4.5 · EPSS 0.00257
Exploits 0 · References 4

RedHat Linux
added 2024/01/30 1:28 p.m. · 3 views

kernel: SEV-ES local priv escalation

A buffer overflow and null pointer dereference flaw was found in the Linux kernel's Secure Encrypted Virtualization (SEV) implementation for AMD functionality. This issue occurs when a user in SEV guest VM accesses MMIO registers, which could allow a local user to crash the system or escalate their...

CVSS 7 · AI score 7 · EPSS 0.00693
Exploits 0 · References 9

CNNVD
added 2024/01/30 12:0 a.m. · 9 views

vantage6 security vulnerability

vantage6 is an open source priVAcy preserviNg federaTed leArninG infrastructure for Secure Insight eXchange. A security vulnerability exists in vantage6 that stems from the fact that input is not checked to see if it is encrypted if the task is created in encrypted...

CVSS 4.3 · AI score 6.8 · EPSS 0.00257
Exploits 0 · References 3

Positive Technologies
added 2024/01/30 12:0 a.m. · 3 views

PT-2024-19266 · Vantage6 · Vantage6

Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.2.0. Description: The vantage6 technology is used to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypte...

CVSS 4.3 · AI score 4.3 · EPSS 0.00257
Exploits 0 · References 10

Positive Technologies
added 2024/01/29 12:0 a.m. · 11 views

PT-2024-5040 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.9. Description: The issue is related to the implementation of the SEV-SNP and SEV-ES protective mechanisms in the Linux kernel, which can be exploited by an untrusted hypervisor to inject virtual interrupts and...

CVSS 10 · AI score 6.6 · EPSS 0.08555
Exploits 20 · References 1201

CVE
added 2024/01/25 7:38 p.m. · 214 views

CVE-2024-23655

CVE-2024-23655 affects Tuta (encrypted email service). A manipulation in emails sent to versions 3.118.12 through 3.119.9 can render the app unusable, preventing access to received emails on both the app and web interfaces. The issue has been fixed in version 3.119.10. In practice, an attacker co...

CVSS 7.5 · AI score 4.8 · EPSS 0.00788
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2024/01/25 7:38 p.m. · 24 views

CVE-2024-23655 Attacker can prevent users from accessing received emails

Tuta is an encrypted email service. Starting in version 3.118.12 and prior to version 3.119.10, an attacker is able to send a manipulated email so that the user can no longer use the app to get access to received emails. By sending a manipulated email, an attacker could put the app into an unusab...

CVSS 7.5 · AI score 7.3 · EPSS 0.00788
Exploits 1 · References 2

RedHat Linux
added 2024/01/25 11:15 a.m. · 2 views

kernel: SEV-ES local priv escalation

A buffer overflow and null pointer dereference flaw was found in the Linux kernel's Secure Encrypted Virtualization (SEV) implementation for AMD functionality. This issue occurs when a user in SEV guest VM accesses MMIO registers, which could allow a local user to crash the system or escalate their...

CVSS 7 · AI score 7 · EPSS 0.00693
Exploits 0 · References 9

RedHat Linux
added 2024/01/25 11:13 a.m. · 3 views

kernel: SEV-ES local priv escalation

A buffer overflow and null pointer dereference flaw was found in the Linux kernel's Secure Encrypted Virtualization (SEV) implementation for AMD functionality. This issue occurs when a user in SEV guest VM accesses MMIO registers, which could allow a local user to crash the system or escalate their...

CVSS 7 · AI score 7 · EPSS 0.00693
Exploits 0 · References 9

RedHat Linux
added 2024/01/25 9:45 a.m. · 5 views

kernel: SEV-ES local priv escalation

A buffer overflow and null pointer dereference flaw was found in the Linux kernel's Secure Encrypted Virtualization (SEV) implementation for AMD functionality. This issue occurs when a user in SEV guest VM accesses MMIO registers, which could allow a local user to crash the system or escalate their...

CVSS 7 · AI score 6.9 · EPSS 0.00693
Exploits 0 · References 9

RedHat Linux
added 2024/01/25 8:32 a.m. · 1 view

http-tiny: perl: insecure TLS cert default

A vulnerability was found in HTTP::Tiny, a Perl core module and standalone CPAN package, which does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verify_SSL=>1 flag to ensure secure HTTPS connections. This oversight can potentially expose...

CVSS 8.1 · AI score 6.9 · EPSS 0.01742
Exploits 0 · References 4

Prion
added 2024/01/23 6:15 p.m. · 14 views

Default configuration

Tuta is an encrypted email service. In versions prior to 119.10, an attacker can attach an image in an HTML mail which is loaded from an external resource in the default setting, which should prevent loading of external resources. When displaying emails containing external content, they should be...

CVSS 5 · AI score 7 · EPSS 0.00474
Exploits 1 · References 1 · Affected Software 1

CVE
added 2024/01/23 5:22 p.m. · 189 views

CVE-2024-23330

CVE-2024-23330 affects Tuta (encrypted email service). In versions before 119.10, an attacker can cause an image in an HTML email to load from an external resource by default, despite protections intended to block external content. The issue occurs when displaying emails containing external conten...

CVSS 5.3 · AI score 5.1 · EPSS 0.00474
Exploits 1 · References 1 · Affected Software 1

Fedora
added 2024/01/23 1:22 a.m. · 47 views

[SECURITY] Fedora 38 Update: openssh-9.0p1-18.fc38

SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

CVSS 6.5 · AI score 7.6 · EPSS 0.93305
Exploits 11

BDU FSTEC
added 2024/01/23 12:0 a.m. · 5 views

The vulnerability of the receive_encrypted_standard() function in the fs/smb/client/smb2ops.c module of the SMB protocol client implementation in Linux operating systems allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the receive_encrypted_standard() function in the fs/smb/client/smb2ops.c module, which is part of the SMB protocol client implementation in Linux operating systems, relates to access to memory beyond the allocated buffer due to a numerical overflow. Exploiting this vulnerability...

CVSS 7.7 · AI score 6.8 · EPSS 0.01999
Exploits 0 · References 38 · Affected Software 4

Securelist
added 2024/01/22 8:0 a.m. · 21 views

Cracked software beats gold: new macOS backdoor stealing cryptowallets

A month ago, we discovered some cracked apps circulating on pirating websites and infected with a Trojan proxy. The malicious actors repackaged pre-cracked applications as PKG files with an embedded Trojan proxy and a post-install script initiating the infection. We recently caught sight of a new...

AI score 7.5
Exploits 0

RedHat Linux
added 2024/01/17 10:29 a.m. · 46 views

Low: Red Hat Security Advisory: Logging Subsystem 5.7.10 - Red Hat OpenShift security update

Low: Logging Subsystem 5.7.10 - Red Hat OpenShift security update. Red Hat Product Security has rated this update as having a security impact of low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...

CVSS 5.5 · AI score 6 · EPSS 0.00258
Exploits 0 · References 3