EUVD-2020-18145

Malware in sbrugna...

CVE-2020-25459

An issue was discovered in function synctree in heterodecisiontreeguest.py in WeBank FATE Federated AI Technology Enabler 0.1 through 1.4.2 allows attackers to read sensitive information during the training process of machine learning joint modeling...

data-agora (=0.1.1), dtx (>=0.31.0 <=0.34.0) +10 more potentially affected by CVE-2024-10044 via fastchat (=0.1.0)

fastchat PYPI version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on fastchat and may be impacted: - data-agora =0.1.1 - dtx =0.31.0, =0.2.0, =0.18.3, =0.0.2, =0.4.0, =0.0.1, =0.1.3, =0.1.0, =0.1.0, =0.1.1 Source cves: CVE-2024-10044 Source...

fate-cakes.com Cross Site Scripting vulnerability OBB-3904001

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2020-25459

An issue was discovered in function synctree in heterodecisiontreeguest.py in WeBank FATE Federated AI Technology Enabler 0.1 through 1.4.2 allows attackers to read sensitive information during the training process of machine learning joint modeling...

Design/Logic Flaw

An issue was discovered in function synctree in heterodecisiontreeguest.py in WeBank FATE Federated AI Technology Enabler 0.1 through 1.4.2 allows attackers to read sensitive information during the training process of machine learning joint modeling...

CVE-2020-25459

CVE-2020-25459 affects WeBank FATE (Federated AI Technology Enabler) versions 0.1–1.4.2, via the function sync_tree in hetero_decision_tree_guest.py, allowing an attacker to read sensitive information during training. Connected advisories corroborate the issue and note patches in affected project...

SUSE: Security Advisory (SUSE-SU-2015:0581-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2013:1473-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:1022-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : nghttp2 (openSUSE-2019-2234) (Data Dribble) (Resource Loop)

This update for nghttp2 fixes the following issues : Security issues fixed : - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service bsc1146184. - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size...

SQL Injection Vulnerability in *z.asp System of Guilin Fate Network Technology Co.

Ltd. is committed to the low-end market, serving small and medium-sized enterprise customers as well as individuals, and doing a good job with every website. There is a SQL injection vulnerability in z.asp, which can be exploited by attackers to obtain database information...

SQL Injection Vulnerability in Website Building System *zz.asp of Guilin Fate Network Technology Co.

Ltd. is committed to the middle and low-end market, serving small and medium-sized micro-enterprise customers as well as individuals, and doing a good job with every website. Ltd. website building system zz.asp there is a SQL injection vulnerability, attackers can use this vulnerability to obtain...

SQL injection vulnerability in we***.asp page of website builder system of Guilin Fate Network Technology Co.

Ltd. is committed to the middle and low-end market, serving small and medium-sized micro-enterprise customers as well as individuals, and doing a good job with every website. Ltd. website building system we.asp page SQL injection vulnerability, attackers can use the vulnerability to obtain...

SUSE SLED15 / SLES15 Security Update : zypper, libzypp / libsolv (SUSE-SU-2019:2030-1)

This update for libzypp and libsolv fixes the following issues : Security issues fixed : CVE-2018-20532: Fixed NULL pointer dereference at ext/testcase.c function testcaseread bsc1120629. CVE-2018-20533: Fixed NULL pointer dereference at ext/testcase.c function testcasestr2depcomplex in...

openSUSE Security Update : sssd (openSUSE-2019-1174)

This update for adcli and sssd provides the following improvement : Security vulnerability fixed : - CVE-2019-3811: Fix fallbackhomedir returning '/' for empty home directories bsc1121759 Other fixes : - Add an option to disable checking for trusted domains in the subdomains provider bsc1125617 -...

openSUSE Security Update : the Linux Kernel (openSUSE-2019-398) (Spectre)

The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are...

SUSE SLES12 Security Update : smt, yast2-smt (SUSE-SU-2018:2898-1)

This update for yast2-smt to 3.0.14 and smt to 3.0.37 fixes the following issues : These security issues were fixed in SMT : CVE-2018-12471: Xml External Entity processing in the RegistrationSharing modules allowed to read arbitrary file read bsc1103809. CVE-2018-12470: SQL injection in...

fate-go.gamerch.com XSS vulnerability

Open Bug Bounty ID: OBB-647224 Description| Value ---|--- Affected Website:| fate-go.gamerch.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

openSUSE Security Update : libvirt (openSUSE-2018-115)

This update for libvirt provides several fixes. This security issue was fixed : - CVE-2018-5748: Prevent resource exhaustion via qemuMonitorIORead method which allowed to cause DoS bsc1076500. These security issues were fixed : - Add a qemu hook script providing functionality similar to Xen's...