CVE-2016-6589

A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0...

Denial of service

A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0...

Security Bulletin: A cross site scripting security vulnerability has been identified with Case Builder component shipped with IBM Business Automation Workflow (CVE-2019-4426)

Summary Case Builder component shipped with IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

SUSE SLED15 / SLES15 Security Update : spectre-meltdown-checker (SUSE-SU-2019:3348-1)

This update for spectre-meltdown-checker fixes the following issues : - feat: implement TAA detection CVE-2019-11135 bsc1139073 - feat: implement MCEPSC / iTLB Multihit detection CVE-2018-12207 bsc1117665 - feat: taa: add TSXCTRL MSR detection in hardware info - feat: fwdb: use both Intel GitHub...

Security Bulletin: Security vulnerabilities has been identified with the embedded Content Navigator used by IBM Business Automation Workflow (CVE 2019-4263, CVE-2019-10086, CVE-2019-12402)

Summary IBM Business Automation Workflow has addressed the following security vulnerabilities with the embedded Content Navigator. For more information, refer to the X-Force database entries referred to below. Vulnerability Details CVEID: CVE-2019-4263 DESCRIPTION: IBM Content Navigator is...

CVE-2019-15013

The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a projec...

Security Bulletin: A denial of service vulnerability has been identified with Case Client component shipped with IBM Business Automation Workflow and IBM Case Manager (CVE-2019-12402)

Summary Case Client component shipped with IBM Business Automation Workflow and IBM Case Manager is vulnerable to denial of service, caused by an error in the internal file name encoding algorithm with Apache Commons Compress. By persuading a victim to open specially crafted ZIP archive containin...

Pbtk - A Toolset For Reverse Engineering And Fuzzing Protobuf-based Apps

Protobuf is a serialization format developed by Google and used in an increasing number of Android, web, desktop and more applications. It consists of a language for declaring data structures , which is then compiled to code or another kind of structure depending on the target implementation. pbt...

Security Bulletin: Unvalidated certificate import in IBM Business Automation Workflow (CVE-2019-4711)

Summary APAR JR61324 is available for IBM Business Automation Workflow BAW 19.0.0.2. It introduces a new API to register BAW at Resource Registry to support integrating processes in App Designer in Cloud Pak for Automation. During the registration process a TLS certifcate is imported without...

Workflow rules only check the file extension for the mimetype instead of the content (NC-SA-2020-002)

A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes...

Integrate Security Testing with GitHub Actions

GitHub Actions GitHub announced their own CI/CD system which is integrated into the user interface and called Github Actions. We added RIPS to the GitHub marketplace which enables you to integrate our leading code analysis directly into your GitHub workflow. It works as a security gateway and fai...

datamorph-workflow-generator (=0.0.2), i2b2-import (>=0.0.1 <=1.5.34) +1 more potentially affected by CVE-2019-12417 via airflow (=0.6.0)

airflow PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on airflow and may be impacted: - datamorph-workflow-generator =0.0.2 - i2b2-import =0.0.1, =1.5.34 - pandasdb =0.0.10 Source cves: CVE-2019-12417 Source advisory:...

From Thousands of Security Alerts to a Handful of Insights

Understanding an attacker’s workflow and how Attack Analytics hunts them down In recent years we’ve seen a significant increase in the number and complexity of cyber-attacks. The accessibility of public tools and their automation capabilities, as well as distributed and anonymization features tha...

DEBIAN-CVE-2010-5108

Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions...

CVE-2010-5108

Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions...

CVE-2010-5108

Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions...

Code injection

Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions...

CVE-2010-5108

Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions...

CVE-2010-5108

Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions...

openstack-mistral information disclosure vulnerability

openstack-mistral is a workflow service for the OpenStack cloud. The product focuses on providing mechanisms for managing and executing tasks/workflows without the need to code, manage and execute them in a cloud environment. An information disclosure vulnerability exists in openstack-mistral,...