2258 matches found
Important: Red Hat Security Advisory: nodejs:10 security update
An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
RLSA-2021:0744 Important: nodejs:14 security and bug fix update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 14.16.0. Security Fixes: nodejs: HTTP2 'unknownProtocol' cause DoS by resource...
Micro Focus Solutions Business Manager Cross-Site Scripting Vulnerability (CNVD-2021-18312)
Micro Focus Solutions Business Manager (SBM, Serena Business Manager) is a suite of business process automation management solutions from Micro Focus UK. The product is mainly used for process automation, including software development lifecycle and IT business process management. A cross-site...
Remote code execution
Depending on configuration of various package managers it is possible for an attacker to insert a malicious package into a package manager's repository which can be retrieved and used during development, build, and release processes. This insertion could lead to remote code execution. We believe...
Huawei EulerOS: Security Advisory for pcp (EulerOS-SA-2021-1341)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping
A severe security vulnerability in a popular video calling software development kit (SDK) could have allowed an attacker to spy on ongoing private video and audio calls. That's according to new research published by the McAfee Advanced Threat Research (ATR) team today, which found the aforementioned...
Code injection
On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation that is mitigated by the Extended Master Secret (EMS) extension defined in RFC 7627. TLS connections that do not use EMS are vulnerable to man-in-the-middle attacks during...
Buffer overflow
On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions of 12.1.x and 11.6.x, big3d does not securely handle and parse certain payloads, resulting in a buffer overflow. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated...
Code injection
On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1, under some circumstances, Traffic Management Microkernel (TMM) may restart on the BIG-IP system while passing large bursts of traffic. Note: Software versions which have reached End of Software Development...
Intel EPID SDK Input Validation Error Vulnerability
An input validation error vulnerability exists in the Intel EPID SDK that arises from a network system or product that does not properly validate incoming data...
Moderate: Red Hat Security Advisory: rh-nodejs14-nodejs security update
An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
JetBrains YouTrack Project Information Disclosure Vulnerability
YouTrack is a keyboard-based issue and project tracking tool from the Czech company JetBrains, primarily used for tracking tasks and defect correction arrangements during development. A project information disclosure vulnerability exists in versions of JetBrains YouTrack prior to 2020.6.1099. No...
CloudBees Jenkins Cross-Site Scripting Vulnerability (CNVD-2021-07539)
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. A cross-site scripting...
File upload vulnerability in the rural collective "three capitals" management service platform
Guangzhou Beijia Software Development Co., Ltd. is a national high-tech enterprise specializing in software development and operation and maintenance services for rural property rights management and transfer services (also known as "three capitals" management and trading). There is a file upload...
Jinan Yuxia Information Technology Co., Ltd. website building system suffers from SQL injection vulnerabilities (CNVD-2021-12787)
Jinan Yuxia Information Technology Co., Ltd. focuses mainly on Internet products and related services, combining website construction and network promotion, IDC business, software development, server hosting, telecommunications value-added services and other integrated service...
java-1.8.0-openjdk bug fix and enhancement update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Bug Fixes and Enhancements: Currently, Java applications run with Speculative Store Bypass (SSB, CVE-2018-3639) disabled. Disabling SSB results in a performance degradatio...
CVE-2021-2067
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that are affected are 8.5.4 and 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside...
DLL Hijacking Vulnerability in 115 PC Version of Guangdong One One Five Technology Co.
The business scope of Guangdong Yi Yi Wu Technology Co., Ltd. includes: design, development and sales of computer software and hardware; design, release, production and agency of domestic and foreign advertisements; and provision of computerized page production. Ltd. 115 computer version of the D...
SolarWinds: What Hit Us Could Hit Others
New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company's software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. Mo...
CVE-2021-1725
Bot Framework SDK Information Disclosure Vulnerability...