17 matches found
Ubuntu: Security Advisory (USN-7606-1)
The remote host is missing an update for the...
CADRE: Customizable Assurance of Data Readiness in Privacy-Preserving Federated Learning
Privacy-Preserving Federated Learning (PPFL) is a decentralized machine learning approach where multiple clients train a model collaboratively. PPFL preserves privacy and security of the client's data by not exchanging it. However, ensuring that data at each client is of high quality and ready for...
A Linear Approach to Data Poisoning
We investigate the theoretical foundations of data poisoning attacks in machine learning models. Our analysis reveals that the Hessian with respect to the input serves as a diagnostic tool for detecting poisoning, exhibiting spectral signatures that characterize compromised datasets. We use rando...
SUSE CVE-2024-47887
Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...
westarcwelding.com Improper Access Control vulnerability OBB-3815652
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
inner.org Cross Site Scripting vulnerability OBB-3284672
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GHSA-47WR-426J-FR82 Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer
Impact: Users unpacking a tarball through dbdeployer may use a maliciously packaged tarball that contains symlinks to files external to the target. In such a scenario, an attacker could induce dbdeployer to write into a system file, thus altering the computer's defences. Mitigating factors: For the...
blog.reddremedies.com Cross Site Scripting vulnerability OBB-2357758
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers
Details have emerged about a high severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005. Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overflow in a print driver installer package named...
JetBrains Security Bulletin Q2 2019
By Robert Demmer. This bulletin summarizes the security vulnerabilities detected in JetBrains products and remediated in the second quarter of 2019. Here’s a summary report that comprises the affected product, the description of each issue, its severit...
Dell EMC ViPR Controller Information Exposure Vulnerability
Exploit for linux platform in category dos / poc. DSA-2018-071: Dell EMC ViPR Controller Information Exposure Vulnerability. Dell EMC Identifier: DSA-2018-071 CVE Identifier: CVE-2018-1240 Severity: Medium Severity Rating: CVSS v3 Base Score: 5.4 AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H Affected...
EMC ESRS Policy Manager Undocumented Account Vulnerability
EMC ESRS Policy Manager is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. Versions prior to 6.8 are affected. EMC ESRS Policy Manager Undocumented Account Vulnerability CVE Identifier: CVE-2017-4976...
ESA-2015-012: EMC Captiva Capture Sensitive Information Disclosure Vulnerability
ESA-2015-012: EMC Captiva Capture Sensitive Information Disclosure Vulnerability EMC Identifier: EMC-2015-012 CVE Identifier: CVE-2015-0519 Severity Rating: CVSS v2 Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C Affected products: • EMC Captiva Capture 7....
ESA-2014-018: EMC Connectrix Manager Converged Network Edition Information Disclosure Vulnerability
ESA-2014-018: EMC Connectrix Manager Converged Network Edition Information Disclosure Vulnerability EMC Identifier: ESA-2014-018 CVE Identifier: CVE-2014-2276 Severity Rating: CVSS v2 Base Score: CVSS: 5 AV:N/AC:L/Au:N/C:P/I:N/A:N...
ESA-2013-018: EMC Smarts Product - Cross Site Scripting Vulnerability
ESA-2013-018: EMC Smarts Product - Cross Site Scripting Vulnerability EMC Identifier: ESA-2013-018 CVE Identifier: CVE-2013-0936 Severity Rating: CVSS v2 Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Affected products: EMC Smarts Product...
Unfixed XSS vulnerability at www.home-remedies-for-you.com
Security researcher CoNqUeRoR submitted on 11/08/2007 a cross-site scripting (XSS) vulnerability affecting www.home-remedies-for-you.com, which at the time of submission ranked 45566 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 21/08/2007...
limewire480.txt
Summary: Recent versions of the LimeWire client contain vulnerabilities that allow a remote user access to many or all files on a user's machine. LimeWire is a popular client for the Gnutella filesharing network. Vulnerability 1 - Inappropriate Handling of "resource get" requests. Symptom: A remote...