Lucene search
+L

16 matches found

OSV
OSV
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-2004 vantage6's CORS settings overly permissive

Impact The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impact is limited because v6 does not use session cookies Patches No Workarounds No...

4.2CVSS5.9AI score0.00311EPSS
Exploits0References6
OSV
OSV
added 2026/06/17 10:12 p.m.2 views

CVE-2024-27928 Vantage6: 2FA can be circumvented with hacked email access

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, if an attacker hacks into a vantage6 user's email account, they can 1 reset the password via email and then 2 reset the 2FA token via email. This way they reduce 2FA to 1FA email access. Note that...

5.9CVSS5.9AI score0.00278EPSS
Exploits0References5
OSV
OSV
added 2026/06/17 10:7 p.m.3 views

CVE-2024-24769 Vantage6: No limit on emails sent for password/MFA reset

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This gives attackers the option to flood someones mailbox with a l...

2.1CVSS5.9AI score0.00278EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/06/05 3:21 p.m.6 views

vantage6-algorithm-store (>=4.3.0 <=4.15.1rc1), vantage6-node (>=0.0.0 <=4.15.1rc1) +1 more potentially affected by CVE-2024-24769 via vantage6 (>=0.0.0 <=4.9.1)

vantage6 PYPI version =0.0.0, =4.3.0, =0.0.0, =0.0.0, =4.15.1rc1 Source cves: CVE-2024-24769 Source advisory: OSV:GHSA-5549-C5Q7-FJ65...

2.1CVSS5.5AI score0.00278EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/06/12 6:15 p.m.6 views

vantage6-algorithm-store (>=4.10.0 <=4.10.2), vantage6-node (>=0.0.0 <=4.10.2) +1 more potentially affected by CVE-2025-43863 via vantage6 (>=0.0.0 <=4.10.2)

vantage6 PYPI version =0.0.0, =4.10.0, =0.0.0, =0.0.0, =4.10.2 Source cves: CVE-2025-43863 Source advisory: OSV:PYSEC-2025-220...

9.8CVSS5.8AI score0.00397EPSS
Exploits0
OSV
OSV
added 2025/06/12 6:15 p.m.7 views

PYSEC-2025-220

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality...

9.8CVSS5.8AI score0.00397EPSS
Exploits0References1
OSV
OSV
added 2025/06/12 6:15 p.m.8 views

PYSEC-2025-221

vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is...

7.5CVSS5.8AI score0.0033EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:16 a.m.6 views

CVE-2023-22738

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organizations is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain...

6.5CVSS6.7AI score0.00375EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/23 12:0 a.m.5 views

vantage6 安全漏洞

vantage6 is a vantage6 open source priVAcy preserviNg federalTed leArningG infrastructure for Secure Insight eXchange. A security vulnerability exists in versions of vantage6 prior to 4.5.0 that stems from the ability of collaboration administrators to add additional organizations to their...

2.7CVSS4.3AI score0.00316EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2024/01/30 4:15 p.m.3 views

vantage6-algorithm-store (>=4.10.0 <=4.15.1rc1), vantage6-node (>=0.0.0 <=4.15.1rc1) +1 more potentially affected by CVE-2024-22193 via vantage6 (>=0.0.0 <=4.1.3)

vantage6 PYPI version =0.0.0, =4.10.0, =0.0.0, =0.0.0, =4.15.1rc1 Source cves: CVE-2024-22193 Source advisory: OSV:PYSEC-2024-32...

4.3CVSS5.4AI score0.00257EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/01/30 12:0 a.m.7 views

PT-2024-2069 · Nginx +1 · Nginx +1

Name of the Vulnerable Software and Affected Versions: vantage6-UI versions prior to 4.2.0 Description: The issue is related to insufficient protection of service data in the vantage6-UI interface, which can allow a remote attacker to gain unauthorized access to protected information. The docker...

5.3CVSS5.2AI score0.00335EPSS
Exploits0References7
PyPA
PyPA
added 2023/11/14 9:15 p.m.10 views

PYSEC-2023-304

vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. In affected versions a node does not check if an image is allowed to run if a parentid is set. A malicious party that breaches the server may modify it to set a...

8.8CVSS6.9AI score0.00446EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2023/10/11 6:15 p.m.14 views

PYSEC-2023-196

vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. Version...

7.2CVSS6.8AI score0.00892EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/10/11 6:15 p.m.37 views

PYSEC-2023-196

vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. Version...

7.2CVSS5.9AI score0.00892EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/10/11 12:0 a.m.4 views

vantage6 Code Issue Vulnerability

vantage6 is a vantage6 open source priVAcy preserviNg federalTed leArningG infrastructure for Secure Insight eXchange. A code issue vulnerability exists in versions prior to vantage6 3.3.6 that stems from deleting a collaboration without deleting the linked resources e.g., tasks in that...

4.3CVSS6.9AI score0.00319EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2023/03/04 12:15 a.m.6 views

vantage6-node (>=0.0.0 <=3.11.1), vantage6-server (>=0.0.0 <=3.11.1) potentially affected by CVE-2023-23929 via vantage6 (>=0.0.0 <=3.7.3)

vantage6 PYPI version =0.0.0, =0.0.0, =0.0.0, =3.11.1 Source cves: CVE-2023-23929 Source advisory: OSV:PYSEC-2023-54...

8.8CVSS7.2AI score0.00571EPSS
Exploits0
Rows per page
Query Builder