vantage6 vantage6 vulnerabilities and exploits
9.8
CVSSv3
CVE-2024-21653
The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH ...
Vantage6 Vantage6
8.8
CVSSv3
CVE-2024-21649
The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Before 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This v...
Vantage6 Vantage6
8.8
CVSSv3
CVE-2023-47631
vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). In affected versions a node does not check if an image is allowed to run if a `parent_id` is set. A malicious party that breaches the server...
Vantage6 Vantage6 4.1.2
Vantage6 Vantage6
8.8
CVSSv3
CVE-2023-23929
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0.
Vantage6 Vantage6
7.2
CVSSv3
CVE-2023-23930
vantage6 is a privacy preserving federated learning infrastructure. Versions before 4.0.0 use pickle, which has known security issues, as the default serialization module. All users of vantage6 that post tasks with the default serialization are affec...
Vantage6 Vantage6
6.5
CVSSv3
CVE-2023-22738
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organization is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B,...
Vantage6 Vantage6
Vantage6 Vantage6 3.8.0
6.5
CVSSv3
CVE-2022-39228
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wro...
Vantage6 Vantage6
5.4
CVSSv3
CVE-2023-28635
vantage6 is a privacy preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see by creating resources with integers as names. One example where this is a risk is when users define which use...
Vantage6 Vantage6
5.3
CVSSv3
CVE-2024-22200
vantage6-UI is the User Interface for vantage6. The Docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an Angular application. This vulnerability was patched in 4.2.0.
Vantage6 Vantage6-ui
4.3
CVSSv3
CVE-2024-22193
The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may acci...
Vantage6 Vantage6