59 matches found
Deserialization of untrusted data
NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of...
PYSEC-2022-232
NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load instead of yaml.safeload. The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to bo...
PYSEC-2022-231
NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of...
CVE-2022-31605
NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load instead of yaml.safeload. The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to bo...
CVE-2022-31605
NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module where YAML files are loaded with yaml.load() instead of yaml.safe_load(). This deserialization of untrusted data may allow an unauthenticated network attacker to cause Remote Code Execution, Denial of Service, and impa...
CVE-2022-31605
NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load instead of yaml.safeload. The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to bo...
CVE-2022-31604
NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of...
CVE-2022-31604
CVE-2022-31604 affects NVFLARE prior to 2.1.2. The PKI module deserializes CA credentials via pickle, enabling deserialization of untrusted data and potentially enabling Remote Code Execution, Denial of Service, and impact to Confidentiality/Integrity/Availability. Exploitation details are not pr...
CVE-2022-31604
NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of...
NVIDIA NVFLARE 代码问题漏洞
NVIDIA NVFLARE is a standalone Python library from NVIDIA, Inc. Designed to support joint learning between parties using their local secure protected data for client-side training, it also includes functionality for coordinating and exchanging the progress of results across all sites to achieve...
NVIDIA NVFLARE 代码问题漏洞
NVIDIA NVFLARE is a standalone Python library from NVIDIA, Inc. Designed to support joint learning between parties using their local secure protected data for client-side training, it also includes functionality for coordinating and exchanging the progress of results across all sites to achieve...
Deserialization Of Untrusted Data
nvflare is vulnerable to deserialization of untrusted data. The vulnerability exists because the CA credentials are transported via pickle and not properly deserialized which allows an attacker to execute codes and cause an application crash...
Deserialization Of Untrusted Data
nvflare is vulnerable to deserialization of untrusted data. The vulnerability exists because the yaml files are not loaded safely which allows an attacker to execute codes and cause an application crash...
GHSA-HRF3-622Q-8366 Unsafe yaml deserialization in NVFlare
Impact NVFLARE contains a vulnerability in its utils module, where YAML files are loaded via yaml.load instead of yaml.safeload. The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality...
Unsafe yaml deserialization in NVFlare
Impact NVFLARE contains a vulnerability in its utils module, where YAML files are loaded via yaml.load instead of yaml.safeload. The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality...
GHSA-RCXC-3W2M-MP8H Unsafe deserialisation in the PKI implementation scheme of NVFlare
Impact NVFLARE contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact...
Unsafe deserialisation in the PKI implementation scheme of NVFlare
Impact NVFLARE contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact...
Denial Of Service (DoS)
nvflare is vulnerable to denial of service. The MAXADMINCONNECTIONS parameter in the handle function of hci.py does not limit the max connection properly, allowing an attacker to crash the application...
Allocation of Resources Without Limits or Throttling in nvflare
Impact NVIDIA FLARE contains a vulnerability in Admin Interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailable All versions before 2.0.16 are affected. Patches The patch will be included in nvflare==2.0.1...