
4529 matches found

IBM Security Bulletins
added 2021/04/23 5:2 p.m., 16 views

Security Bulletin: XML External Entity Injection vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-20482

Summary: IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to an XML External Entity Injection attack. Vulnerability Details: CVEID: CVE-2021-20482. DESCRIPTION: IBM Business Automation Workflow is vulnerable to an XML External Entity Injection (XXE) attack when processin...

CVSS 7.1, AI score 0.6, EPSS 0.01398
Exploits: 0, Affected Software: 4

CNNVD
added 2021/04/23 12:0 a.m., 3 views

dotCMS Cross-Site Scripting Vulnerability

Dotcms dotCMS is a content management system (CMS) from the American company dotCMS Dotcms. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features. A cross-site scripting vulnerability exists in dotCMS v5.1.5, which can be exploited by a remote...

CVSS 5.4, AI score 5.7, EPSS 0.00837
Exploits: 1, References: 2

Qualys Blog
added 2021/04/21 12:55 p.m., 62 views

Manage Linux Patching with Qualys VMDR

As attacks on infrastructure continue to increase, security teams are looking to go beyond detection and response by eliminating the root cause of the attacks -- unpatched vulnerabilities. With the majority of production systems running Linux, IT teams have been looking for a single, efficient...

Exploits: 0

RedHat Linux
added 2021/04/20 3:36 p.m., 97 views
Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 7.8, AI score 6.8, EPSS 0.02079
Exploits: 3, References: 4

RedHat Linux
added 2021/04/20 3:19 p.m., 166 views

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 7.8, AI score 6.7, EPSS 0.02079
Exploits: 4, References: 5

RedHat Linux
added 2021/04/20 12:59 p.m., 75 views

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impac...

CVSS 7.8, AI score 6.7, EPSS 0.02079
Exploits: 3, References: 5

Tenable Nessus
added 2021/04/19 12:0 a.m., 51 views

SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2021:1243-1)

This update for qemu fixes the following issues: CVE-2020-12829: Fix OOB access in sm501 device emulation (bsc1172385); CVE-2020-25723: Fix use-after-free in usb xhci packet handling (bsc1178934); CVE-2020-25084: Fix use-after-free in usb ehci packet handling (bsc1176673); CVE-2020-25625: Fix infinite lo...

CVSS 6.5, AI score 6.4, EPSS 0.02515
Exploits: 3, References: 48

CNVD
added 2021/04/16 12:0 a.m., 9 views

SAP NetWeaver AS ABAP Denial of Service Vulnerability (CNVD-2021-29099)

SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A denial of service vulnerability exists in SAP NetWeaver AS ABAP versions 731, 740, and 750. The vulnerability...

CVSS 6.5, AI score 6.7, EPSS 0.00862
Exploits: 0, References: 1

CNNVD
added 2021/04/13 12:0 a.m., 5 views

SAP NetWeaver AS ABAP Business Server Security Vulnerability

SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A denial of service vulnerability exists in SAP NetWeaver AS ABAP versions 731, 740, and 750. The vulnerability...

CVSS 6.5, AI score 5.6, EPSS 0.00862
Exploits: 0, References: 4

Veracode
added 2021/04/07 4:20 a.m., 14 views

Privilege Escalation

projen is vulnerable to privilege escalation. The vulnerability exists because the workflow can be triggered by the issue_comment on the pull request...

CVSS 8.1, AI score 3.5, EPSS 0.01381
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2021/04/06 7:15 p.m., 18 views

CVE-2021-21423

projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...

CVSS 8.1, AI score 8.2
Exploits: 0, References: 3

OSV
added 2021/04/06 6:36 p.m., 16 views

GHSA-GG2G-M5WC-VCCQ Rebuild-bot workflow may allow unauthorised repository modifications

Impact: projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project...

CVSS 7.6, AI score 8.1, EPSS 0.01381
Exploits: 0, References: 6

CVE
added 2021/04/06 6:35 p.m., 250 views

CVE-2021-21423

CVE-2021-21423 concerns the projen build tool. The issue centers on the rebuild-bot GitHub workflow (triggered by issue_comment with @projen rebuild) which runs with the repository’s GITHUB_TOKEN and could allow untrusted code to affect the main branch, potentially exposing secrets or altering co...

CVSS 8.1, AI score 7.4, EPSS 0.01381
Exploits: 0, References: 3, Affected Software: 1

IBM Security Bulletins
added 2021/03/29 9:48 p.m., 31 views

Security Bulletin: Multiple vulnerabilities affect IBM Cloud Pak for Automation

Summary: The vulnerabilities are related to the Node.js runtime and to other component-specific vulnerabilities. Vulnerability Details: CVEID: CVE-2020-8265. DESCRIPTION: Node.js is vulnerable to a denial of service, caused by a use-after-free in TLSWrap within the TLS implementation. By writing to a TL...

CVSS 8.1, AI score 0.9, EPSS 0.16296
Exploits: 3, Affected Software: 1

IBM Security Bulletins
added 2021/03/25 10:10 a.m., 54 views

Security Bulletin: Multiple vulnerabilities in node.js may affect configuration editor used in IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-1971, CVE-2020-8265, CVE-2020-8287

Summary: Security vulnerabilities have been reported for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details: CVEID: CVE-2020-1971. DESCRIPTION: OpenSSL is vulnerable t...

CVSS 8.1, AI score 0.8, EPSS 0.77385
Exploits: 8, Affected Software: 4

OSV
added 2021/03/18 1:15 a.m., 2 views

CVE-2021-20626

Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors...

CVSS 6.5, AI score 6.2, EPSS 0.00778
Exploits: 0, References: 2

NVD
added 2021/03/18 1:15 a.m., 13 views

CVE-2021-20626

Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors...

CVSS 6.5, EPSS 0.00778
Exploits: 0, References: 2

Cvelist
added 2021/03/18 12:55 a.m., 13 views

CVE-2021-20626

Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors...

AI score 6.4, EPSS 0.00778
Exploits: 0, References: 2

CVE
added 2021/03/18 12:55 a.m., 69 views

CVE-2021-20626

CVE-2021-20626 affects Cybozu Office 10.0.0–10.8.4. Description: Improper access control in the Workflow module may allow an authenticated user to bypass access restrictions and alter workflow data via unspecified vectors. Impact: unauthorized data alteration within Workflow for logged-in users. ...

CVSS 6.5, AI score 6.2, EPSS 0.00778
Exploits: 0, References: 2, Affected Software: 1

RedHat Linux
added 2021/03/16 3:14 p.m., 83 views

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 7.8, AI score 6.6, EPSS 0.01129
Exploits: 2, References: 5