Security Bulletin: Multiple vulnerabilities in IBM Rapid Infrastructure Automation

Summary IBM Concert Workflows addresses multiple security vulnerabilities that originate from IBM Rapid Infrastructure Automation. IBM Concert Workflows is built on the same underlying technology and provides equivalent core functionality. Vulnerability Details CVEID:CVE-2025-23022 DESCRIPTION:...

Security Bulletin: Multiple vulnerabilities in IBM Rapid Infrastructure Automation

Summary Multiple vulnerabilities were addressed in IBM Rapid Infrastructure Automation v1.1.5.3 Vulnerability Details CVEID:CVE-2024-12254 DESCRIPTION: Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain th...

Security Bulletin: Multiple vulnerabilities in IBM Rapid Infrastructure Automation

Summary Multiple vulnerabilities were addressed in IBM Rapid Infrastructure Automation v1.1.5 Vulnerability Details CVEID:CVE-2024-47875 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This...

Ansible vs Terraform: Which is More Secure for Infrastructure Automation?

Gartner describes infrastructure as code IaC as a key way to unlock the potential of the cloud. However,…...

Security Bulletin: A security vulnerability in Node.js moment affects IBM Cloud Pak for Watson AIOps Infrastructure Automation

Summary A security vulnerability in Node.js moment affects IBM Cloud Pak for Watson AIOps Infrastructure Automation Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a...

Security Bulletin: A security vulnerability in GO crypto affects Infrastructure Automation

Summary A security vulnerability in GO crypto affects Infrastructure Automation Vulnerability Details CVEID:CVE-2021-43565 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an input validation flaw in golang.org/x/crypto's readCipherPacket function. By sending an empty...

Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Watson AIOps Infrastructure Automation

Summary A security vulnerability in Node.js affects IBM Cloud Pak for Watson AIOps Infrastructure Automation Vulnerability Details CVEID:CVE-2022-21824 DESCRIPTION: Node.js could provide weaker than expected security, caused by an error related to the formatting logic of the console.table functio...

Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Watson AIOps Infrastructure Automation

Summary A security vulnerability in Node.js affects IBM Cloud Pak for Watson AIOps Infrastructure Automation Vulnerability Details CVEID:CVE-2021-44531 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the improper handling of URI Subject Alternative Na...

Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Watson AIOps Infrastructure Automation

Summary A security vulnerability in Node.js affects IBM Cloud Pak for Watson AIOps Infrastructure Automation Vulnerability Details CVEID:CVE-2022-32215 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle multi-line Transfer-Encoding headers by t...

Security Bulletin: A security vulnerability in Node.js dicer affects IBM Cloud Pak for Watson AIOps Infrastructure Automation Managed Services

Summary A security vulnerability in Node.js dicer affects IBM Cloud Pak for Watson AIOps Infrastructure Automation Managed Services Vulnerability Details CVEID:CVE-2022-24434 DESCRIPTION: Node.js dicer module is vulnerable to a denial of service. By sending a specially-crafted form to server, a...

Overlord - Red Teaming Infrastructure Automation

Overlord provides a python-based console CLI which is used to build Red Teaming infrastructure in an automated way. The user has to provide inputs by using the tool’s modules e.g. C2, Email Server, HTTP web delivery server, Phishing server etc. and the full infra / modules and scripts will be...

Debian: Security Advisory (DLA-2223-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2223-1] salt security update

Package : salt Version : 2014.1.13+ds-3+deb8u1 CVE ID : CVE-2020-11651 CVE-2020-11652 Debian Bug : 959684 Several vulnerabilities were discovered in package salt, a configuration management and infrastructure automation software. CVE-2020-11651 The salt-master process ClearFuncs class does not...

Virtuozzo Hybrid Server 7.5 Update 1 Hotfix 2 (7.5.1-736)

The Hotfix 2 for Virtuozzo Hybrid Server 7.5 Update 1 provides a stability and usability bug fix. All customers that use CloudBlue Cloud Infrastructure Automation with Virtuozzo Hybrid Server 7.5 and newer are strongly recommended to install the hotfix. Vulnerability id: PSBM-125586 Cloud...

Laforge - Security Competition Infrastructure Automation Framework

Laforge enables rapid development of infrastructure for the purpose of information security competitions. Using a simple and intuitive configuration language, Laforge manages a dependency graph and state management and allows for highly productive remote collaboration. The Laforge engine uses a...

Moderate: Red Hat Security Advisory: openstack-heat security, bug fix, and enhancement update

Updated openstack-heat packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System...