Microsoft unifies SIEM and XDR to help stop advanced attacks
For all of us in security, the last twelve months have been an incredible series of challenges—from balancing remote work with family priorities, to helping build resilient businesses, and protecting against the latest attacks. 2020 showed us that while we have made great progress, there is still...
Code Injection in jeikeilim/kindle
Description: Kindle is an easy model build package for PyTorch. Building a deep learning model became so simple that almost all models can be made by copy and paste from other existing model codes, which is vulnerable to Arbitrary Code Execution. Vulnerability: Vulnerable to YAML deserialization atta...
How to Combat Alert Fatigue With Cloud-Based SIEM Tools
Today’s security teams are facing more complexity than ever before. IT environments are changing and expanding rapidly, resulting in proliferating data as organizations adopt more tools to stay on top of their sprawling environments. And with an abundance of tools comes an abundance of alerts,...
Chamilo Cross-Site Scripting Vulnerability
Chamilo is a learning management system focused on ease of use and accessibility. A cross-site scripting vulnerability exists in Chamilo 1.11.14. An attacker can exploit this vulnerability via main/calendar/agendalist.php?type= URI to conduct cross-site scripting attacks...
6 strategies to reduce cybersecurity alert fatigue in your SOC
Today, organizations are faced with the increasingly difficult task of trying to protect their expanding digital estate from sophisticated cybersecurity threats. Migration to the cloud and a mobile workforce has dissolved the network boundary and projected the digital estate beyond its traditiona...
CVE-2021-3239
E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell...
SQL injection
E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell...
CVE-2021-3239
CVE-2021-3239 affects E-Learning System 1.0. The Red Hat, CNVD, CNVD CNVD, NVD and CVE records describe an unauthenticated SQL injection vulnerability that arises from lack of validation of externally entered SQL statements, allowing a remote attacker to execute arbitrary code on the hosting web ...
PT-2021-19699
Name of the Vulnerable Software and Affected Versions: E-Learning System version 1.0 Description: The issue allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell through an unauthenticated SQL injection. Recommendations: For E-Learning System version...
Sourcecodester Pisay Online E-Learning System SQL Injection Vulnerability
Sourcecodester Pisay Online E-Learning System is an online e-learning system based on PHP and MySQL. Sourcecodester Pisay Online E-Learning System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in a database-based...
SOAR Tools: What to Look for When Investing in Security Automation Tech
Security orchestration and automation (SOAR) refers to a collection of software solutions and tools that organizations can leverage to streamline security operations in three key areas: threat and vulnerability management, incident response, and security-operations automation. From a single platfor...
Security Bulletin: The Ubuntu ca-certificates have been updated in Watson Machine Learning Community Edition containers due to expiration.
Summary: Ubuntu ca-certificates expire occasionally and need to be updated. The Ubuntu based containers for Watson Machine Learning Community Edition have been updated to recent ca-certificates. Vulnerability Details: Third Party Entry: 192370 DESCRIPTION: ca-certificates package for Ubuntu spoofing...
Security Bulletin: Watson Machine Learning Community Edition docker containers have been updated to fix a security issue in libcurl
Summary Watson Machine Learning Community Edition docker containers have been updated to fix a security issue in libcurl. Users should repull the docker containers from dockerhub.com or issue an in-container update. Vulnerability Details CVEID: CVE-2020-8231 DESCRIPTION: cURL libcurl could allow ...
Security Bulletin: TensorFlow in Watson Machine Learning Community Edition 1.6.2 and 1.7.0 has been patched for various security issues.
Summary: TensorFlow in Watson Machine Learning Community Edition 1.6.2 and 1.7.0 has had various CVEs reported against it, and these have been patched. Users should update to the latest available TensorFlow package. Vulnerability Details: CVEID: CVE-2020-15265 DESCRIPTION: TensorFlow is vulnerable to a...
Security Bulletin: TensorFlow in Watson Machine Learning 1.6.2 and 1.7.0 has been patched for various security issues in nanopb.
Summary: TensorFlow in Watson Machine Learning 1.6.2 and 1.7.0 has had various security issues published for nanopb. These have been patched in the latest versions of TensorFlow. Vulnerability Details: Third Party Entry: 193026 DESCRIPTION: Nanopb pbencode buffer overflow CVSS Base score: 4.8 CVSS...
Security Bulletin: TensorFlow in Watson Machine Learning 1.6.2 and 1.7.0 has been patched for a security issue in nanopb.
Summary: TensorFlow in Watson Machine Learning 1.6.2 and 1.7.0 has had various security issues published for nanopb. These have been patched in the latest versions of TensorFlow. Vulnerability Details: CVEID: CVE-2020-26243 DESCRIPTION: Nanopb is vulnerable to a denial of service, caused by a memory...
Security Bulletin: TensorFlow in Watson Machine Learning Community Edition 1.6.2 and 1.7.0 has been patched for various security issues.
Summary: TensorFlow in Watson Machine Learning Community Edition 1.6.2 and 1.7.0 has had various reported CVEIDs, included below. These issues have been patched and users should update to the latest available versions. Vulnerability Details: CVEID: CVE-2020-26270 DESCRIPTION: TensorFlow is vulnerab...