Lucene search
+L

59 matches found

Prion
Prion
added 2022/07/01 6:15 p.m.13 views

Deserialization of untrusted data

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of...

7.5CVSS9.4AI score0.01976EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/07/01 6:15 p.m.31 views

PYSEC-2022-232

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load instead of yaml.safeload. The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to bo...

9.8CVSS8.3AI score0.01976EPSS
Exploits0References1
OSV
OSV
added 2022/07/01 6:15 p.m.38 views

PYSEC-2022-231

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of...

9.8CVSS7.5AI score0.01976EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/07/01 5:15 p.m.41 views

CVE-2022-31605

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load instead of yaml.safeload. The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to bo...

9.8CVSS9.8AI score0.01976EPSS
Exploits0References1
CVE
CVE
added 2022/07/01 5:15 p.m.129 views

CVE-2022-31605

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module where YAML files are loaded with yaml.load() instead of yaml.safe_load(). This deserialization of untrusted data may allow an unauthenticated network attacker to cause Remote Code Execution, Denial of Service, and impa...

9.8CVSS9.4AI score0.01976EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/07/01 5:15 p.m.14 views

CVE-2022-31605

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load instead of yaml.safeload. The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to bo...

9.8CVSS9.6AI score0.01976EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/07/01 5:15 p.m.30 views

CVE-2022-31604

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of...

9.8CVSS9.8AI score0.01976EPSS
Exploits0References1
CVE
CVE
added 2022/07/01 5:15 p.m.119 views

CVE-2022-31604

CVE-2022-31604 affects NVFLARE prior to 2.1.2. The PKI module deserializes CA credentials via pickle, enabling deserialization of untrusted data and potentially enabling Remote Code Execution, Denial of Service, and impact to Confidentiality/Integrity/Availability. Exploitation details are not pr...

9.8CVSS9.4AI score0.01976EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/07/01 5:15 p.m.13 views

CVE-2022-31604

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of...

9.8CVSS9.6AI score0.01976EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/01 12:0 a.m.5 views

NVIDIA NVFLARE 代码问题漏洞

NVIDIA NVFLARE is a standalone Python library from NVIDIA, Inc. Designed to support joint learning between parties using their local secure protected data for client-side training, it also includes functionality for coordinating and exchanging the progress of results across all sites to achieve...

9.8CVSS8.6AI score0.01976EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/07/01 12:0 a.m.6 views

NVIDIA NVFLARE 代码问题漏洞

NVIDIA NVFLARE is a standalone Python library from NVIDIA, Inc. Designed to support joint learning between parties using their local secure protected data for client-side training, it also includes functionality for coordinating and exchanging the progress of results across all sites to achieve...

9.8CVSS8.6AI score0.01976EPSS
Exploits0References2
Veracode
Veracode
added 2022/06/23 11:31 a.m.21 views

Deserialization Of Untrusted Data

nvflare is vulnerable to deserialization of untrusted data. The vulnerability exists because the CA credentials are transported via pickle and not properly deserialized which allows an attacker to execute codes and cause an application crash...

9.8CVSS9.1AI score0.01976EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2022/06/23 11:1 a.m.19 views

Deserialization Of Untrusted Data

nvflare is vulnerable to deserialization of untrusted data. The vulnerability exists because the yaml files are not loaded safely which allows an attacker to execute codes and cause an application crash...

9.8CVSS9.1AI score0.01976EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/06/22 9:22 p.m.63 views

GHSA-HRF3-622Q-8366 Unsafe yaml deserialization in NVFlare

Impact NVFLARE contains a vulnerability in its utils module, where YAML files are loaded via yaml.load instead of yaml.safeload. The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality...

9.8CVSS9.5AI score0.01976EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/06/22 9:22 p.m.30 views

Unsafe yaml deserialization in NVFlare

Impact NVFLARE contains a vulnerability in its utils module, where YAML files are loaded via yaml.load instead of yaml.safeload. The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality...

9.8CVSS9AI score0.01976EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/06/22 9:22 p.m.58 views

GHSA-RCXC-3W2M-MP8H Unsafe deserialisation in the PKI implementation scheme of NVFlare

Impact NVFLARE contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact...

9.8CVSS9.5AI score0.01976EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/06/22 9:22 p.m.22 views

Unsafe deserialisation in the PKI implementation scheme of NVFlare

Impact NVFLARE contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact...

9.8CVSS9.1AI score0.01976EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2022/03/23 4:58 a.m.16 views

Denial Of Service (DoS)

nvflare is vulnerable to denial of service. The MAXADMINCONNECTIONS parameter in the handle function of hci.py does not limit the max connection properly, allowing an attacker to crash the application...

7.5CVSS2.4AI score0.01042EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/18 11:18 p.m.28 views

Allocation of Resources Without Limits or Throttling in nvflare

Impact NVIDIA FLARE contains a vulnerability in Admin Interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailable All versions before 2.0.16 are affected. Patches The patch will be included in nvflare==2.0.1...

7.8CVSS2.3AI score0.01042EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder