IBM MQ 安全漏洞

IBM MQ IBM WebSphere MQ is a messaging middleware product from International Business Machines IBM. The product is mainly for the service-oriented architecture SOA to provide a reliable and proven messaging backbone. A denial-of-service vulnerability exists in IBM MQ, which can be exploited by...

PT-2024-24279 · Ibm · Ibm Mq

Name of the Vulnerable Software and Affected Versions: IBM MQ versions 9.3 LTS and 9.3 CD Description: The issue allows an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. Recommendations: For IBM MQ versions 9.3 LTS and 9.3 CD, a...

IBM MQ 安全漏洞

IBM MQ IBM WebSphere MQ is a messaging middleware product from International Business Machines IBM. The product is mainly for the service-oriented architecture SOA to provide a reliable and proven messaging backbone. An elevation of privilege vulnerability exists in IBM MQ, which can be exploited...

IBM MQ 安全漏洞

IBM MQ IBM WebSphere MQ is a messaging middleware product from International Business Machines IBM. The product is mainly for the service-oriented architecture SOA to provide a reliable and proven messaging backbone. A denial of service vulnerability exists in IBM MQ, which can be exploited by an...

CVE-2023-52882

In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change While PLL CPUX clock rate change when CPU is running from it works in vast majority of cases, now and then it causes instability. This leads to system crashes and other...

CVE-2024-31856

An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote code...

PT-2024-20700 · Ibm · Ibm Mq

Name of the Vulnerable Software and Affected Versions: IBM MQ versions 9.2 LTS through 9.3 CD Description: The issue allows a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. Recommendations: For IBM MQ versions 9.2 LTS through 9.3 CD,...

kernel: drm/amdkfd: Add missing gfx11 MQD manager callbacks

A NULL pointer dereference was found in the AMD KFD driver for GFX11 GPUs. The mqdstride callback was not assigned for GFX11 hardware, causing crashes when accessing the MQD debugfs interface...

IBM MQ Appliance 安全漏洞

The IBM MQ Appliance is an all-in-one appliance for rapid deployment of enterprise-class messaging middleware. The IBM MQ Appliance suffers from a buffer overflow vulnerability that originates from not properly checking boundaries, which can be exploited by an attacker to overflow a buffer and...

SUSE CVE-2024-26886

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: afbluetooth: Fix deadlock Attemting to do socklock on .recvmsg may cause a deadlock as shown bellow, so instead of using socksock this uses skreceivequeue.lock on btsockioctl to avoid the UAF: INFO: task kworker/u9:1:1...

PT-2024-25427 · Ibm · Websphere Mq

Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.0.0 through 2.1.0 Checkmk versions prior to 2.2.0p26 Checkmk versions prior to 2.3.0b5 Description: The issue allows a local attacker to inject an argument to runmqsc, potentially due to an untrusted data vulnerability in t...

RT-Thread 安全漏洞

RT-Thread is an open source IoT real-time operating system RTOS from RT-Thread Open Source. A security vulnerability exists in RT-Thread version 5.0.2, which stems from a stack-based buffer overflow in libc/posix/ipc/mqueue.c. The vulnerability is caused by the presence of a stack-based buffer...

The vulnerability of the messaging software: The IBM MQ Appliance, the IBM MQ Operator for managing containerized environments, and the IBM MQ messaging management system are susceptible to vulnerabilities related to insufficient input data validation. This allows attackers to trigger service failures.

The vulnerabilities of the messaging software IBM MQ Appliance, the containerized environment management system IBM MQ Operator, and the message management system IBM MQ are related to insufficient input data validation. Exploiting these vulnerabilities can allow attackers to cause service...

The vulnerability of the IBM MQ Operator, a software tool for managing containerized environments, and the IBM MQ messaging system lies in the fact that critical information is transmitted in plaintext. This allows attackers to disclose protected information.

The vulnerability of the IBM MQ Operator, a software tool for managing containerized environments, and the IBM MQ messaging management system is related to the transmission of critical information in open text format. Exploiting this vulnerability can allow attackers to disclose protected...

Vulnerabilities fixed in IBM MQ

IBM has fixed vulnerabilities in MQ. A malicious party could exploit the exploit the vulnerabilities to cause a denial-of-service gain access to sensitive data, or to launch a Cross-Site-Scripting XSS attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or...

CVE-2021-47069

In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry domqtimedreceive calls wqsleep with a stack local address. The sender domqtimedsend uses this address to later call pipelinedsend. This leads to a very hard...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that a domqtimedreceive call may return and make domqtimedsend depend on an invalid address...

PT-2024-2173 · Ibm · Ibm Mq Operator

Name of the Vulnerable Software and Affected Versions: IBM MQ Operator versions 2.0.0 through 2.0.18, 2.2.0 through 2.2.2, 2.3.0 through 2.3.3, 2.4.0 through 2.4.7, 3.0.0, 3.0.1 Description: The issue is related to the use of weaker than expected cryptographic algorithms in IBM MQ Operator, which...

PT-2024-10390 · Ibm · Ibm Mq Operator +1

Name of the Vulnerable Software and Affected Versions: IBM MQ Container versions 2.0.0 through 2.0.22, 2.2.0 through 2.2.2, 2.3.0 through 2.3.3, 2.4.0 through 2.4.8, 3.0.0, 3.0.1, 3.1.0 through 3.1.3 Description: The issue is related to the use of weaker than expected cryptographic algorithms in...

CVE-2024-0390

INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit...