MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.181-2.6.14.1.AXS4 (AXSA:2018-2999:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2999:02 advisory. OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass Hotspot, 8192025 CVE-2018-2814 OpenJDK: unrestricted deserialization of...

MalDataGen: A Modular Framework for Synthetic Tabular Data Generation in Malware Detection

High-quality data scarcity hinders malware detection, limiting ML performance. We introduce MalDataGen, an open-source modular framework for generating high-fidelity synthetic tabular data using modular deep learning models e.g., WGAN-GP, VQ-VAE. Evaluated via dual validation TR-TS/TS-TR, seven...

Foe for Fraud: Transferable Adversarial Attacks in Credit Card Fraud Detection

Credit card fraud detection CCFD is a critical application of Machine Learning ML in the financial sector, where accurately identifying fraudulent transactions is essential for mitigating financial losses. ML models have demonstrated their effectiveness in fraud detection task, in particular with...

Tab-MIA: a Benchmark Dataset for Membership Inference Attacks on Tabular Data in LLMs

Large language models LLMs are increasingly trained on tabular data, which, unlike unstructured text, often contains personally identifiable information PII in a highly structured and explicit format. As a result, privacy risks arise, since sensitive records can be inadvertently retained by the...

Synthetic Tabular Data: Methods, Attacks and Defenses

Synthetic data is often positioned as a solution to replace sensitive fixed-size datasets with a source of unlimited matching data, freed from privacy concerns. There has been much progress in synthetic data generation over the last decade, leveraging corresponding advances in machine learning an...

MUSE: Model-Agnostic Tabular Watermarking Via Multi-Sample Selection

We introduce MUSE, a watermarking algorithm for tabular generative models. Previous approaches typically leverage DDIM invertibility to watermark tabular diffusion models, but tabular diffusion models exhibit significantly poorer invertibility compared to other modalities, compromising performanc...

Dpmm: Differentially Private Marginal Models, a Library for Synthetic Tabular Data Generation

We propose dpmm, an open-source library for synthetic data generation with Differentially Private DP guarantees. It includes three popular marginal models -- PrivBayes, MST, and AIM -- that achieve superior utility and offer richer functionality compared to alternative implementations...

Random Client Selection on Contrastive Federated Learning for Tabular Data

Vertical Federated Learning VFL has revolutionised collaborative machine learning by enabling privacy-preserving model training across multiple parties. However, it remains vulnerable to information leakage during intermediate computation sharing. While Contrastive Federated Learning CFL was...

Do You Really Need Public Data? Surrogate Public Data for Differential Privacy on Tabular Data

Differentially private DP machine learning often relies on the availability of public data for tasks like privacy-utility trade-off estimation, hyperparameter tuning, and pretraining. While public data assumptions may be reasonable in text and image domains, they are less likely to hold for tabul...

Benchmarking Differentially Private Tabular Data Synthesis

Differentially private DP tabular data synthesis generates artificial data that preserves the statistical properties of private data while safeguarding individual privacy. The emergence of diverse algorithms in recent years has introduced challenges in practical applications, such as inconsistent...

CKAN has Cross-site Scripting vector in the Datatables view plugin

The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Impact Sites running CKAN = 2.7.0 with the datatablesview plugin activated. This is a plugin included in CKAN core, that not activated by default but it is widely used to...

van_der_Schaar LAB synthcity code issue vulnerability

synthcity is a vanderSchaar LAB open source library for generating and evaluating synthetic tabular data. A code issue vulnerability exists in vanderSchaar LAB synthcity version 0.2.9, which stems from an incorrect operation that can lead to deserialization...

KB5029376 - Description of the security update for SQL Server 2017 CU31: October 10, 2023

KB5029376 - Description of the security update for SQL Server 2017 CU31: October 10, 2023 Summary Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information...

OESA-2022-2075 freetds security update

FreeTDS is an open source implementation of the TDS Tabular Data Stream protocol used by these databases for their own clients. It supports many different flavors of the protocol and three APIs to access it. FreeTDS includes call level interfaces for DB-Lib, CT-Lib, and ODBC. Security Fixes:...

TableField - Moderately critical - Access bypass - SA-CONTRIB-2019-067

This module allows you to attach tabular data to an entity. There is insufficient access checking for users with the ability to "Export Tablefield Data as CSV". They can export data from unpublished nodes or otherwise inaccessible entities. This vulnerability is mitigated by the fact that an...

SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:1938-1)

This update for java-180-openjdk to version 8u171 fixes the following issues: These security issues were fixed : - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969,...

SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:1690-2)

This update for java-180-openjdk to version 8u171 fixes the following issues : These security issues were fixed : S8180881: Better packaging of deserialization S8182362: Update CipherOutputStream Usage S8183032: Upgrade to LittleCMS 2.9 S8189123: More consistent classloading S8189969,...

OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JMX. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...

Security update for java-1_8_0-openjdk (important)

This update for java-180-openjdk to version 8u171 fixes the following issues: These security issues were fixed: - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969,...

OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JMX. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...