Privacy-Aware Machine Unlearning with SISA for Reinforcement Learning-Based Ransomware Detection

Ransomware detection systems increasingly rely on behavior-based machine learning to address evolving attack strategies. However, emerging privacy compliance, data governance, and responsible AI deployment demand not only accurate detection but also the ability to efficiently remove the influence...

EUVD-2024-2568

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2017-3164

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 inclusive. Since the shards parameter does not have a corresponding whitelist mechanism, a...

PoLO: Proof-Of-Learning and Proof-Of-Ownership at Once with Chained Watermarking

Machine learning models are increasingly shared and outsourced, raising requirements of verifying training effort Proof-of-Learning, PoL to ensure claimed performance and establishing ownership Proof-of-Ownership, PoO for transactions. When models are trained by untrusted parties, PoL and PoO mus...

CVE-2024-37286

APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailableshardsexception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively...

CVE-2024-37286

The CVE-2024-37286 issue affects the Elastic APM Server (github.com/elastic/apm-server). The root cause is that during a partially failed bulk index, the ES response line can include the document body, which the APM server then logs on error, potentially exposing sensitive information. Several co...

CVE-2024-37286 APM Server Insertion of Sensitive Information into Log File

APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailableshardsexception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively...

APM Server 8.14.0 Security Update (ESA-2024-19)

APM Server Insertion of Sensitive Information into Log File ESA-2024-19 APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailableshardsexception for a specific document, since the ES response line contains the document body, and that APM...

DEBIAN-CVE-2021-27905

The ReplicationHandler normally registered at "/replication" under a Solr core in Apache Solr has a "masterUrl" also "leaderUrl" alias parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability,...

CVE-2021-27905 SSRF vulnerability with the Replication handler

The ReplicationHandler normally registered at "/replication" under a Solr core in Apache Solr has a "masterUrl" also "leaderUrl" alias parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability,...

[SECURITY] Fedora 31 Update: golang-vitess-3.0-4.20190701git948c251.fc31

Vitess is a database clustering system for horizontal scaling of MySQL thro ugh generalized sharding. By encapsulating shard-routing logic, Vitess allows application code and database queries to remain agnostic to the distribution of data onto multip le shards. With Vitess, you can even split and...

GHSA-VRH8-27Q8-FR8F Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 inclusive. Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL...

UBUNTU-CVE-2017-3164

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 inclusive. Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL...

DEBIAN-CVE-2017-3164

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 inclusive. Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL...

Shards of Magic - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Shards of Magic published at the 'play' market has multiple vulnerabilities...

CVE-2006-3065

CVE-2006-3065 is a SQL injection vulnerability in blur6ex 0.3.462 affecting engine/shards/blog.php. The flaw allows remote attackers to inject arbitrary SQL via the ID parameter in a proc_reply action on the blog shard. The description notes similarity to CVE-2006-1763 but cites different affecte...