CVE-2023-26285

IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418...

SolarWinds Information Service (SWIS) .NET Deserialization From AMQP RCE

The SolarWinds Information Service SWIS is vulnerable to RCE by way of a crafted message received through the AMQP message queue. A malicious user that can authenticate to the AMQP service can publish such a crafted message whose body is a serialized .NET object which can lead to OS command...

CVE-2023-26284

IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls. IBM X-Force ID: 248417...

CVE-2022-43902

IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. IBM X-Force ID: 240832...

CVE-2022-40237

IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. IBM X-Force ID: 235727...

SUSE CVE-2013-2482

The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service infinite loop via a malformed packet...

SUSE CVE-2016-9877

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT MQ Telemetry Transport connection authentication with a username/password pair succeeds if an existing username is provid...

SUSE CVE-2017-9986

The intr function in sound/oss/msndpinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service over-boundary access or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "doub...

SUSE CVE-2017-9985

The sndmsndmidiinputread function in sound/isa/msnd/msndmidi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service over-boundary access or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that...

SUSE CVE-2017-11408

In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection...

SUSE CVE-2019-6250

A pointer overflow, with code execution, was discovered in ZeroMQ libzmq aka 0MQ 4.2.x and 4.3.x before 4.3.1. A v2decoder.cpp zmq::v2decodert::sizeready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leverag...

CVE-2022-42436

IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206...

CVE-2023-24156

A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...

This Week in Spring - January 9th, 2023

Hi, Spring fans! As I write this Im on a plane winging my way to Helsinki, Finland. A new year and new journeys begin. Its going to be cold there. Wish me luck! Do you know what always warms me up? The thrill of learning. And this weeks no different. This week weve got some good stuff line up so...

CVE-2022-3928

Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue. This issue affects FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B...

Hardcoded credentials

Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue. This issue affects FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B...

CVE-2022-3928 Hardcoded credential is found in the message queue

Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue. This issue affects FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B...

CVE-2022-3928 Hardcoded credential is found in the message queue

Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue. This issue affects FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B...

CVE-2022-3928

CVE-2022-3928 describes a hardcoded credential in the message queue of Hitachi Energy FOXMAN-UN and UNEM products (R9C–R15B). The vulnerability allows an attacker who can exploit it to access data in the internal message queue. Connected advisories and records confirm the affected families (FOXMA...

PT-2023-13717 · Unem +1 · Unem +1

Name of the Vulnerable Software and Affected Versions: FOXMANN-UN versions R9C through R15B UNEM versions R9C through R15B Description: A hardcoded credential is found in the affected products' message queue. An attacker that manages to exploit this issue will be able to access data to the intern...