IBM多款产品 信任管理问题漏洞

IBM MQ and others are products of International Business Machines IBM.IBM MQ is a messaging middleware product.IBM MQ Operator is a tool for managing the lifecycle of IBM MQ Queue Manager.IBM MQ Container CD is a containerized deployment solution for IBM MQ. A trust management issue vulnerability...

The vulnerability of the updateWifiInfo() function in the MQTT service of the TOTOLink T6 mesh-system’s microprogramming system allows a intruder to execute arbitrary code.

The vulnerability of the updateWifiInfo function in the MQTT service of the TOTOLink T6 mesh-system’s microprogramming system is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...

TOTOLINK T6 安全漏洞

TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK, which supports MQTT protocol and Telnet service, and is mainly used for home and small business networking. The TOTOLINK T6 suffers from a buffer overflow vulnerability, which originates from the failure of parameter s in the MQTT...

CVE-2025-3631

An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it...

The vulnerability of the MQTT protocol implementation in the web interface of the microprogramming-based controller ABB RMC-100 and RMC-100-LITE allows a intruder to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the MQTT protocol implementation in the web interface of the microprogrammable controller ABB RMC-100 and RMC-100-LITE devices lies in the use of a rigidly encrypted cryptographic key. Exploiting this vulnerability could allow an attacker to bypass security restrictions and...

CVE-2023-22874

IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216...

CVE-2023-22384

Memory Corruption in VR Service while sending data using Fast Message Queue FMQ...

CVE-2023-28950

IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358...

CVE-2023-1748

The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials and access the MQ Telemetry Server MQTT server and the ability to remotely control garage door...

CVE-2021-25274

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ Microsoft Message Queue and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon...

CVE-2020-6882

ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. The remote attacker could use this credential to connect to the MQTT server, so as to obtain information about other devices by sending specifi...

CVE-2025-27365

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it...

IBM MQ Container 安全漏洞

IBM MQ Container is a containerized deployment solution for IBM MQ from International Business Machines IBM. A security vulnerability exists in IBM MQ Container that stems from a misconfiguration that could lead to the disclosure of sensitive information...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm, an American company. A security vulnerability exists in Qualcomm Chipsets that stems from a possible information leak when creating MQ channels...

kernel: use-after-free in cec_queue_msg_fh

A vulnerability was found in the Linux kernel. A use-after-free exists in cecqueuemsgfh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c...

Malicious code in @hongfangze/mq (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32be147fdc6ce87ca5422a92c79a9d1fe7e891ec5e55768e935355ede80f4e4e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Deserialization of Untrusted Data

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the MessageQueue.dequeue API function. An attacker can execute arbitrary code by sending a malicious payload to...

GHSA-5VQR-WPRC-CPP7 vLLM Deserialization of Untrusted Data vulnerability

vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue,...

Linux Distros Unpatched Vulnerability : CVE-2024-58019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvkm/gsp: correctly advance the read pointer of GSP message queue A GSP event message consists three parts: message header, RPC header, message body. GSP...

CVE-2025-0975

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters...