CVE-2021-35966
The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which allows the URL to be redirected to any website. Remote attackers can use the vulnerability to execute phishing attacks...
CVE-2021-35968
The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Remote attackers can access the system directory through Path Traversal with users’ privileges...
CVE-2021-35964
The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members’ information, modify and delete the courses in the system, thus causing users to fail to access the...
CVE-2021-35967
The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory through Path Traversal without logging in...
Path traversal
The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Remote attackers can access the system directory through Path Traversal with users’ privileges...
Design/Logic Flaw
The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which allows the URL to be redirected to any website. Remote attackers can use the vulnerability to execute phishing attacks...
CVE-2021-35968
The CVE-2021-35968 entry concerns LearningDigital’s Orca HCM digital learning platform. Affected component: the directory listing page parameter. Root cause: improper filtering of special characters enables Path Traversal. Impact: remote attackers could access system directories under the user’s ...
CVE-2021-35967
The CVE-2021-35967 entry describes a Path Traversal vulnerability in the Orca HCM digital learning platform. The issue arises because the directory page parameter does not filter special characters, allowing remote attackers to access the system directory without authentication. The vulnerability...
CVE-2021-35965
CVE-2021-35965 affects the Orca HCM digital learning platform. The vulnerability arises from a hard-coded, weak factory-default administrator password embedded in the webpage source, enabling remote attackers to gain administrator privileges without authentication. NVD specifies CVSSv3.1 base sco...
CVE-2021-35964
CVE-2021-35964 affects the Orca HCM digital learning platform. The admin/management page does not perform identity verification, enabling remote attackers to perform management functions without logging in. This can lead to access to members’ information and the ability to modify or delete course...
CVE-2021-35964 Learningdigital.com, Inc. Orca HCM - Broken Authentication
The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members’ information, modify and delete the courses in the system, thus causing users to fail to access the...
CVE-2021-35963
The CVE-2021-35963 entry concerns Orca HCM from LearningDigital.com. A parameter in the platform’s upload function does not filter file formats, enabling remote unauthenticated attackers to upload files containing malicious scripts and execute RCE. This is supported by multiple sources (NVD entry...
LearningDigital Orca HCM digital learning platform Authorization Issue Vulnerability
LearningDigital Orca HCM digital learning platform is a digital learning platform from China's LearningDigital. The Orca HCM digital learning platform suffers from an authorization issue vulnerability, which stems from the lack of authentication on the administration page, which allows remote...
PT-2021-21085 · Orca Hcm · Orca Hcm
Name of the Vulnerable Software and Affected Versions: Orca HCM digital learning platform (affected versions not specified). Description: The issue concerns the use of a weak factory default administrator password in the Orca HCM digital learning platform. This password is hard-coded in the source...
Google TensorFlow suffers from an unspecified vulnerability (CNVD-2021-48857)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow 2.4.2, 2.3.3, 2.2.3, 2.1.4, which stems from the absence of loops between nodes of a TFlite graph. No detailed vulnerability details are...
Google TensorFlow suffers from an unspecified vulnerability (CNVD-2021-48856)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow versions 2.4.2, 2.3.3, 2.2.3, and 2.1.4, which stems from a lack of validation in tf.rawops.RaggedTensorToTensor, and can be exploited by an...
Google TensorFlow suffers from an unspecified vulnerability (CNVD-2021-48855)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow versions 2.4.2, 2.3.3, 2.2.3, and 2.1.4, which stems from tf.rawops.QuantizeAndDequantizeV2 allowing invalid values for the axis parameter. No...
SAP Enable Now Information Disclosure Vulnerability (CNVD-2021-42412)
SAP Enable Now is a collaborative content creation, management and sharing platform from SAP. The platform is primarily used for e-learning and training in SAP and non-SAP systems. An information disclosure vulnerability exists in SAP Enable Now versions 1.0 and 10, which can be exploited by an...
Crypto-Mining Attacks Targeting Kubernetes Clusters via Kubeflow Instances
Cybersecurity researchers on Tuesday disclosed a new large-scale campaign targeting Kubeflow deployments to run malicious cryptocurrency mining containers. The campaign involved deploying TensorFlow pods on Kubernetes clusters, with the pods running legitimate TensorFlow images from the official...