CVE-2021-39181

OpenOlat is a web-based learning management system LMS. Prior to version 15.3.18, 15.5.3, and 16.0.0, using a prepared import XML file e.g. a course any class on the Java classpath can be instantiated, including spring AOP bean factories. This can be used to execute code arbitrary code by the...

Design/Logic Flaw

OpenOlat is a web-based learning management system LMS. Prior to version 15.3.18, 15.5.3, and 16.0.0, using a prepared import XML file e.g. a course any class on the Java classpath can be instantiated, including spring AOP bean factories. This can be used to execute code arbitrary code by the...

CVE-2021-39181 Unsafe Deserialization of User Data Using XStream

OpenOlat is a web-based learning management system LMS. Prior to version 15.3.18, 15.5.3, and 16.0.0, using a prepared import XML file e.g. a course any class on the Java classpath can be instantiated, including spring AOP bean factories. This can be used to execute code arbitrary code by the...

CVE-2021-39180

OpenOLAT is a web-based learning management system LMS. A path traversal vulnerability exists in versions prior to 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application server user e.g. the tomcat user. Depending...

CVE-2021-39180

OpenOLAT is affected by a path traversal vulnerability (CVE-2021-39180) in versions before 15.3.18, 15.5.3, and 16.0.0. An attacker with an OpenOLAT user account can upload a specially crafted ZIP and trigger unzip, enabling overwriting files writable by the application server user (e.g., Tomcat)...

Researchers Propose Machine Learning-based Bluetooth Authentication Scheme

A group of academics has proposed a machine learning approach that uses authentic interactions between devices in Bluetooth networks as a foundation to handle device-to-device authentication reliably. Called "Verification of Interaction Authenticity" aka VIA, the recurring authentication scheme...

Security Bulletin: IBM Watson Machine Learning Accelerator is affected by a vulnerability in Nginx

Summary IBM Watson Machine Learning Accelerator is affected by a vulnerability in Nginx. IBM Watson Machine Learning Accelerator havs addressed the CVE-2021-23017. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

Google TensorFlow code issue vulnerability (CNVD-2022-09857)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow is vulnerable to a code issue that arises from the fact that if the user does not provide a valid padding value for "tf.rawops.MatrixDiagPartOp", the code triggers a null point...

Google TensorFlow code issue vulnerability (CNVD-2022-09856)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a code issue vulnerability that stems from the fact that when recovering a tensor via the raw API, TensorFlow may be tricked into referencing a null pointer if the...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +168 more potentially affected by CVE-2021-37645 via tensorflow-gpu (>=1.10.1 <=2.4.2)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 and more Source cves: CVE-2021-37645 Source advisory: OSV:GHSA-9W2P-5MGW-P94C...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +163 more potentially affected by CVE-2021-37669 via tensorflow-gpu (>=1.10.1 <=2.3.2)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 - classitransformers =0.0.1 and more Source cves: CVE-2021-37669 Source advisory: OSV:GHSA-VMJW-C2VP-P33C...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +163 more potentially affected by CVE-2021-37682 via tensorflow-gpu (>=1.10.1 <=2.3.2)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 - classitransformers =0.0.1 and more Source cves: CVE-2021-37682 Source advisory: OSV:GHSA-4C4G-CRQM-XRXW...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +163 more potentially affected by CVE-2021-37684 via tensorflow-gpu (>=1.10.1 <=2.3.2)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 - classitransformers =0.0.1 and more Source cves: CVE-2021-37684 Source advisory: OSV:GHSA-Q7F7-544H-67H9...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +163 more potentially affected by CVE-2021-37685 via tensorflow-gpu (>=1.10.1 <=2.3.2)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 - classitransformers =0.0.1 and more Source cves: CVE-2021-37685 Source advisory: OSV:GHSA-C545-C4F9-RF6V...

All Vulnerabilities for online-learning.gidatarim.edu.tr Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| online-learning.gidatarim.edu.tr ---|--...

All Vulnerabilities for elearning.bvu.edu.vn Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| elearning.bvu.edu.vn ---|--- Open Bug...

Google TensorFlow null pointer dereference vulnerability (CNVD-2021-64072)

Google TensorFlow is an end-to-end open source machine learning platform. tf.rawops.CompressElement in versions prior to Google TensorFlow 2.6.0 is vulnerable to null pointer dereference. An attacker could exploit the vulnerability by passing invalid input to cause a null pointer dereference...

Google TensorFlow Dezero Error Vulnerability (CNVD-2021-64069)

Google TensorFlow, an end-to-end open source machine learning platform, is vulnerable to a divide by zero error in versions prior to Google TensorFlow 2.6.0. An attacker could exploit the vulnerability through a specially crafted parameter call in-place to cause a floating point exception, which...

Google TensorFlow Dezero Error Vulnerability (CNVD-2021-64067)

Google TensorFlow is an end-to-end open source machine learning platform. tf.rawops.ResourceScatterDiv implementation in versions prior to Google TensorFlow 2.6.0 is vulnerable to a dezero error. No detailed vulnerability details are available at this time...

Google TensorFlow integer overflow vulnerability (CNVD-2021-64075)

Google TensorFlow is an end-to-end open source machine learning platform. An integer overflow vulnerability exists in the implementation of tf.rawops.QuantizeAndDequantizeV4Grad in versions prior to Google TensorFlow 2.6.0. The vulnerability stems from converting a signed integer value to an...