182 matches found
CVE-2024-22193
The CVE-2024-22193 issue affects the vantage6 platform, where there are no checks to ensure input encryption when a task is created within an encrypted collaboration, allowing sensitive data to be stored unencrypted in a database. The root cause is improper handling of encryption settings during ...
CVE-2024-21653 vantage6 insecure SSH configuration for node and server containers
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...
CVE-2024-21603
An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Network Junos OS on MX Series allows a network based attacker with low privileges to cause a denial of service. If a scaled configuration for Source class usage SCU / destination class usage DCU more th...
Input validation
An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine PFE of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service DoS. On all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003,...
The vulnerability of the SIP ALG firewall on Juniper Networks Junos operating systems on devices with MS-MPC or MS-MIC interfaces allows a attacker to cause a service failure.
The vulnerability of the SIP ALG server on Juniper Networks’ Junos operating system on devices with MS-MPC or MS-MIC interfaces is related to incorrect handling of requests. Exploiting this vulnerability can allow a malicious actor to cause service failures...
Malicious code in mpc-ap-styles (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 3560796a4ad8974d74c898770846effa03442b79adace2bbc4679dc402afe911 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
CVE-2022-47930
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...
Design/Logic Flaw
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...
Authentication Bypass by Capture-replay
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...
CVE-2022-47930
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...
SUSE CVE-2017-11449
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via an image received from stdin...
SUSE CVE-2017-11532
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage function in coders/mpc.c...
SUSE CVE-2017-14249
ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file...
SUSE CVE-2018-14434
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c...
mpc-rnd.com Cross Site Scripting vulnerability OBB-2526908
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2021-31379
An Incorrect Behavior Order vulnerability in the MAP-E automatic tunneling mechanism of Juniper Networks Junos OS allows an attacker to send certain malformed IPv4 or IPv6 packets to cause a Denial of Service DoS to the PFE on the device which is disabled as a result of the processing of these...
CVE-2021-31369
On MX Series platforms with MS-MPC/MS-MIC, an Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated network attacker to cause a partial Denial of Service DoS with a high rate of specific traffic. If a Class of Service CoS rule is...
Design/Logic Flaw
An Incorrect Behavior Order vulnerability in the MAP-E automatic tunneling mechanism of Juniper Networks Junos OS allows an attacker to send certain malformed IPv4 or IPv6 packets to cause a Denial of Service DoS to the PFE on the device which is disabled as a result of the processing of these...
Input validation
An Improper Check for Unusual or Exceptional Conditions in packet processing on the MS-MPC/MS-MIC utilized by Juniper Networks Junos OS allows a malicious attacker to send a specific packet, triggering the MS-MPC/MS-MIC to reset, causing a Denial of Service DoS. Continued receipt and processing o...
Design/Logic Flaw
On MX Series platforms with MS-MPC/MS-MIC, an Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated network attacker to cause a partial Denial of Service DoS with a high rate of specific traffic. If a Class of Service CoS rule is...