48 matches found
EUVD-2019-3595
Malware in sbrugna...
EUVD-2019-13196
Malware in sbrugna...
EUVD-2019-13207
Malware in sbrugna...
EUVD-2017-3762
Malware in sbrugna...
EUVD-2024-16196
Malicious code in bioql PyPI...
Privacy-Preserving Federated Learning against Malicious Clients Based on Verifiable Functional Encryption
Federated learning is a promising distributed learning paradigm that enables collaborative model training without exposing local client data, thereby protecting data privacy. However, it also brings new threats and challenges. The advancement of model inversion attacks has rendered the plaintext...
SecureFed: a Two-Phase Framework for Detecting Malicious Clients in Federated Learning
Federated Learning (FL) protects data privacy while providing a decentralized method for training models. However, because of the distributed schema, it is susceptible to adversarial clients that could alter results or sabotage model performance. This study presents SecureFed, a two-phase FL...
Toward Malicious Clients Detection in Federated Learning
Federated learning (FL) enables multiple clients to collaboratively train a global machine learning model without sharing their raw data. However, the decentralized nature of FL introduces vulnerabilities, particularly to poisoning attacks, where malicious clients manipulate their local models to...
CVE-2022-39173
In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list ...
Defending the Edge: Representative-Attention for Mitigating Backdoor Attacks in Federated Learning
Federated learning (FL) enhances privacy and reduces communication cost for resource-constrained edge clients by supporting distributed model training at the edge. However, the heterogeneous nature of such devices produces diverse, non-independent and identically distributed (non-IID) data, making t...
GHSA-F8MX-CWFH-7HR2 TShock allows chat while not fully connected, possible ban evasion
This issue was reported to TShock by @ohayo, but was found by the Discord user by the name of sofurry.com. Please note that this user does not own this domain on the internet, just the Discord handle. TShock overrides certain Terraria vanilla systems, including chat, and the connection handling,...
PT-2025-5636 · Tshock · Tshock
Name of the Vulnerable Software and Affected Versions: TShock (affected versions not specified). Description: This issue allows malicious clients to connect to a server without completing the connection handshake, occupying a player slot, and receiving data from the server, even if they are banned...
dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack
An uncontrolled resource consumption vulnerability was found in the Kestrel component of dotNET. When detecting a potentially malicious client, Kestrel will sometimes fail to disconnect it, resulting in denial of service...
Denial Of Service (DoS)
OPCFoundation.NetStandard.Opc.Ua is vulnerable to denial of service. The vulnerability exists due to improper configuration of maximum chunk count which allows malicious clients to cause an application crash via a carefully crafted message...
Denial Of Service (DoS)
opcfoundation.netstandard.opc.ua is vulnerable to denial of service. The vulnerability exists due to the lack of a maximum chunk count check in requests, which allows malicious clients to cause an application crash...
Authentication Bypass
OPCFoundation.NetStandard.Opc.Ua is vulnerable to authentication bypass. The vulnerability exists due to the incorrect implementation of the authentication algorithm in the library, allowing malicious clients or servers to bypass the application authentication mechanism and connect to untrusted...
CVE-2022-31028 Possible DDOS by establishing keep-alive connections with anonymous HTTP clients in MinIO
MinIO is a multi-cloud object storage solution. Starting with version RELEASE.2019-09-25T18-25-51Z and ending with version RELEASE.2022-06-02T02-11-04Z, MinIO is vulnerable to an unending go-routine buildup while keeping connections established due to HTTP clients not closing the connections...