Security Bulletin: Mutiple Vulnerabilties in Open Source packages affecting IBM Watson Machine Learning Accelerator on Cloud Pak for Data

Summary IBM Watson Machine Learning Accelerator on Cloud Pak for Data is vulnerable to several open source vulnerabilites. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2022-1996 DESCRIPTION: go-restful could allow a remote attacker to...

Security Bulletin: Watson Machine Learning Accelerator on Cloud Pak for Data Version is affected by multiple vulnerabilties

Summary Mutiple open source vulnerabilties affects Watson Machine Learning Accelerator on Cloud Pak for Data Version 2.3.3 and have been addressed in version 2.3.4. Vulnerability Details CVEID:CVE-2021-23566 DESCRIPTION: Nanoid could allow a local attacker to obtain sensitive information, caused ...

The sound of you typing on your keyboard could reveal your password

As if password authentications coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on previous work to produce a more accurate...

The sound of you typing on your keyboard could reveal your password

As if password authentications coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on previous work to produce a more accurate...

Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability

...

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +340 more potentially affected by CVE-2023-6709 via mlflow (>=0.8.2 <=2.9.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6709 Source advisory: OSV:PYSEC-2023-281...

Microsoft Azure Machine Learning Security Vulnerability

Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in Microsoft Azure Machine Learning. An attacker exploiting the vulnerability could gain access to sensitive information...

online-distance-learning-education.com Improper Access Control vulnerability OBB-3808148

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

PT-2023-9608 · Oracle · Peoplesoft Enterprise Elm Enterprise Learning Management

Name of the Vulnerable Software and Affected Versions: PeopleSoft Enterprise ELM Enterprise Learning Management version 9.2 Description: The issue is related to a vulnerability in the authorization procedure of the Enterprise Learning Management component. This vulnerability allows a low-privileg...

Security Bulletin: Multiple vulnerabilities in JQuery Java Script Library Affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data

Summary Vulnerablities in jquery affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data. These are addressed. Vulnerability Details CVEID:CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplie...

Security Bulletin: IBM Watson Machine Learning Accelerator on Cloud Pak for Data is vunerable to libsass and node-sass vulnerabilities

Summary IBM Watson Machine Learning Accelerator on Cloud Pak for Data is vunerable to the dependencies in the opensource library libsass-3.5.5 and opennms-opennms-source-25.1.1-1 . These are fixed. Vulnerability Details CVEID:CVE-2018-11696 DESCRIPTION: LibSaas is vulnerable to a denial of servic...

Chamilo LMS 1.11.x < 1.11.24 Multiple Vulnerabilities

Chamilo LMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:chamilo:chamilolms"; if...

CVE-2023-6359

A Cross-Site Scripting XSS vulnerability has been found in Alumne LMS affecting version 4.0.0.1.08. An attacker could exploit the 'localidad' parameter to inject a custom JavaScript payload and partially take over another user's browser session, due to the lack of proper sanitisation of the...

CVE-2023-4222

Command injection in main/lp/openofficetextdocument.class.php in Chamilo LMS = v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters...

CVE-2023-4221

Command injection in main/lp/openofficepresentation.class.php in Chamilo LMS = v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters...

Command injection

Command injection in main/lp/openofficepresentation.class.php in Chamilo LMS = v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters...

Command injection

Command injection in main/lp/openofficetextdocument.class.php in Chamilo LMS = v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters...

CVE-2023-4222 Chamilo LMS Learning Path PPT2LP Command Injection Vulnerability

Command injection in main/lp/openofficetextdocument.class.php in Chamilo LMS = v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters...

CVE-2023-4221 Chamilo LMS Learning Path PPT2LP Command Injection Vulnerability

Command injection in main/lp/openofficepresentation.class.php in Chamilo LMS = v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters...

Exploit for CVE-2022-30190

AmzWord an automated attack chain based on CVE-2022-30190, 16...