Lucene search
K
NvidiaNvflare

6 matches found

CVE
CVE
added 2022/07/01 5:15 p.m.128 views

CVE-2022-31605

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module where YAML files are loaded with yaml.load() instead of yaml.safe_load(). This deserialization of untrusted data may allow an unauthenticated network attacker to cause Remote Code Execution, Denial of Service, and impa...

9.8CVSS9.4AI score0.0193EPSS
CVE
CVE
added 2022/07/01 5:15 p.m.118 views

CVE-2022-31604

CVE-2022-31604 affects NVFLARE prior to 2.1.2. The PKI module deserializes CA credentials via pickle, enabling deserialization of untrusted data and potentially enabling Remote Code Execution, Denial of Service, and impact to Confidentiality/Integrity/Availability. Exploitation details are not pr...

9.8CVSS9.4AI score0.0193EPSS
CVE
CVE
added 2022/08/29 12:0 a.m.88 views

CVE-2022-34668

NVFLARE before version 2.1.4 is affected by a deserialization vulnerability due to untrusted data via Python Pickle, enabling Remote Code Execution and Denial of Service with high impact to confidentiality and integrity. All versions prior to 2.1.4 are affected. Public writeups describe an attack...

9.8CVSS9.4AI score0.08529EPSS
CVE
CVE
added 2026/04/28 5:44 p.m.17 views

CVE-2026-24178

NVIDIA NVFlare Dashboard (security bulletin for NVIDIA FLARE SDK) lists CVE-2026-24178 as a critical vulnerability in the user management and authentication system. An unauthenticated attacker may bypass authorization via a user-controlled key, with potential impacts including privilege escalatio...

9.8CVSS5.4AI score0.00573EPSS
CVE
CVE
added 2026/04/28 5:45 p.m.15 views

CVE-2026-24186

CVE-2026-24186 affects NVIDIA FLARE SDK, specifically the FOBS component. The vulnerability allows deserialization of untrusted data via a malicious FOBS-encoded message, which could lead to code execution. Affected product: NVIDIA FLARE SDK; affected version range includes all pre-2.7.2 builds. ...

8.8CVSS5.6AI score0.00476EPSS
CVE
CVE
added 2026/04/28 5:46 p.m.10 views

CVE-2026-24204

The CVE-2026-24204 entry concerns NVIDIA FLARE SDK, where the flaw is an improper input validation via path traversal in the SDK. This could allow an attacker to disclose information with network access and low privileges, as described in the NVIDIA bulletin. Affected product: NVIDIA FLARE SDK; v...

6.5CVSS5.2AI score0.00364EPSS