
182 matches found

CVE
added 2024/01/30 3:50 p.m. | 56 views

CVE-2024-22193

The CVE-2024-22193 issue affects the vantage6 platform, where there are no checks to ensure input encryption when a task is created within an encrypted collaboration, allowing sensitive data to be stored unencrypted in a database. The root cause is improper handling of encryption settings during ...

CVSS 4.3 | AI score 4 | EPSS 0.00257
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2024/01/30 3:39 p.m. | 18 views

CVE-2024-21653 vantage6 insecure SSH configuration for node and server containers

The vantage6 technology enables managing and deploying privacy-enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...

CVSS 6.5 | AI score 6.9 | EPSS 0.00466
Exploits: 0 | References: 2
OSV
added 2024/01/12 1:15 a.m. | 5 views

CVE-2024-21603

An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS on MX Series allows a network-based attacker with low privileges to cause a denial of service. If a scaled configuration for Source class usage (SCU) / destination class usage (DCU) more th...

CVSS 6.5 | AI score 5.7 | EPSS 0.00508
Exploits: 0 | References: 2
Prion
added 2023/10/13 12:15 a.m. | 19 views

Input validation

An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS). On all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003,...

CVSS 1.7 | AI score 5.6 | EPSS 0.00165
Exploits: 0 | References: 1 | Affected Software: 1
BDU FSTEC
added 2023/06/13 12:00 a.m. | 5 views

The vulnerability of the SIP ALG firewall on Juniper Networks Junos operating systems on devices with MS-MPC or MS-MIC interfaces allows an attacker to cause a service failure.

The vulnerability of the SIP ALG server on Juniper Networks’ Junos operating system on devices with MS-MPC or MS-MIC interfaces is related to incorrect handling of requests. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 7.8 | AI score 7.2 | EPSS 0.00467
Exploits: 0 | References: 5 | Affected Software: 1
OSSF Malicious Packages
added 2023/04/26 12:00 a.m. | 4 views

Malicious code in mpc-ap-styles (npm)

Source: checkmarx (3560796a4ad8974d74c898770846effa03442b79adace2bbc4679dc402afe911). Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

AI score 7.2
Exploits: 0 | References: 2
NVD
added 2023/04/21 6:15 p.m. | 33 views

CVE-2022-47930

An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...

CVSS 6.8 | AI score 6.5 | EPSS 0.00523
Exploits: 0 | References: 2
Prion
added 2023/04/21 6:15 p.m. | 22 views

Design/Logic Flaw

An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...

CVSS 3.6 | AI score 6.5 | EPSS 0.00523
Exploits: 0 | References: 2 | Affected Software: 1
GitLab Advisory Database
added 2023/04/21 12:00 a.m. | 36 views

Authentication Bypass by Capture-replay

An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...

CVSS 6.8 | AI score 6.7 | EPSS 0.00523
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2023/04/21 12:00 a.m. | 40 views

CVE-2022-47930

An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...

AI score 6.7 | EPSS 0.00523
Exploits: 0 | References: 2
SUSE CVE
added 2023/02/15 4:42 a.m. | 5 views

SUSE CVE-2017-11449

coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin...

CVSS 5.6 | AI score 9.7 | EPSS 0.03389
Exploits: 0 | References: 6
SUSE CVE
added 2023/02/15 4:42 a.m. | 5 views

SUSE CVE-2017-11532

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage function in coders/mpc.c...

CVSS 5.3 | AI score 9.1 | EPSS 0.01359
Exploits: 1 | References: 8
SUSE CVE
added 2023/02/15 4:39 a.m. | 2 views

SUSE CVE-2017-14249

ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file...

CVSS 5.3 | AI score 8.5 | EPSS 0.02068
Exploits: 0 | References: 6
SUSE CVE
added 2023/02/15 4:25 a.m. | 5 views

SUSE CVE-2018-14434

ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c...

CVSS 3.3 | AI score 6.8 | EPSS 0.02774
Exploits: 1 | References: 10
Openbugbounty
added 2022/04/19 10:36 a.m. | 14 views

mpc-rnd.com Cross Site Scripting vulnerability OBB-2526908

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
OSV
added 2021/10/19 7:15 p.m. | 4 views

CVE-2021-31379

An Incorrect Behavior Order vulnerability in the MAP-E automatic tunneling mechanism of Juniper Networks Junos OS allows an attacker to send certain malformed IPv4 or IPv6 packets to cause a Denial of Service (DoS) to the PFE on the device which is disabled as a result of the processing of these...

CVSS 7.5 | AI score 5.8 | EPSS 0.01293
Exploits: 1 | References: 2
NVD
added 2021/10/19 7:15 p.m. | 16 views

CVE-2021-31369

On MX Series platforms with MS-MPC/MS-MIC, an Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated network attacker to cause a partial Denial of Service (DoS) with a high rate of specific traffic. If a Class of Service (CoS) rule is...

CVSS 5.3 | EPSS 0.00943
Exploits: 0 | References: 1
Prion
added 2021/10/19 7:15 p.m. | 17 views

Design/Logic Flaw

An Incorrect Behavior Order vulnerability in the MAP-E automatic tunneling mechanism of Juniper Networks Junos OS allows an attacker to send certain malformed IPv4 or IPv6 packets to cause a Denial of Service (DoS) to the PFE on the device which is disabled as a result of the processing of these...

CVSS 4.3 | AI score 7.6 | EPSS 0.01293
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2021/10/19 7:15 p.m. | 13 views

Input validation

An Improper Check for Unusual or Exceptional Conditions in packet processing on the MS-MPC/MS-MIC utilized by Juniper Networks Junos OS allows a malicious attacker to send a specific packet, triggering the MS-MPC/MS-MIC to reset, causing a Denial of Service (DoS). Continued receipt and processing o...

CVSS 5 | AI score 7.5 | EPSS 0.00987
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2021/10/19 7:15 p.m. | 16 views

Design/Logic Flaw

On MX Series platforms with MS-MPC/MS-MIC, an Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated network attacker to cause a partial Denial of Service (DoS) with a high rate of specific traffic. If a Class of Service (CoS) rule is...

CVSS 4.3 | AI score 5.2 | EPSS 0.00943
Exploits: 0 | References: 1 | Affected Software: 1