CVE-2016-2057

lib/xymondipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions 666 for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue...

Cisco Unified Web Interaction Manager Web Interface Denial of Service Vulnerability

Cisco Unified Web Interaction Manager is a WEB interaction manager. An input validation vulnerability in Cisco Unified Web Interaction Manager allows remote attackers to conduct denial of service attacks by deleting the default system folder in the message queue via the WEB interface...

IBM MQ Light Denial of Service Vulnerability (CNVD-2015-05122)

IBM MQ Light is a messaging service from IBM USA based on IBM Bluemix, a PaaS platform for creating, deploying and managing applications on the cloud. A security vulnerability exists in IBM MQ Light versions 1.0 and 1.0.0.1 due to the program failing to properly handle authentication credentials....

UBUNTU-CVE-2014-9721

libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header...

IBM WebSphere MQ Resource Management Denial of Service Vulnerability

IBM WebSphere MQ is used to provide messaging services in the enterprise. A security vulnerability exists in IBM WebSphere MQ, which can be exploited by remote attackers to cause a denial of service with the 'PCF query' privilege with the help of a specially crafted query...

Microsoft Message Queue QMGetRemoteQueueName Buffer Overflow - Ver2 (CVE-2008-3479)

A buffer overflow vulnerability has been reported in Microsoft Windows 2000. An attacker could exploit this vulnerability via a crafted RPC call, related to improper processing of parameters to string APIs. Successful exploitation of this vulnerability could allow a remote attacker to execute...

Microsoft Windows multiple security vulnerabilities

Restrictions bypass and memory corruptions in Internet Explorer, .Net code execution, TrueType embedded fonts code execution, OLE code execution, message queue service and FAT32 driver privilege escalation...

DEBIAN-CVE-2014-7202

streamengine.cpp in libzmq aka ZeroMQ/C++ 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request...

DEBIAN-CVE-2014-4615

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry Ceilometer 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain XAUTHTOKEN values by reading the message queue...

CVE-2014-4615

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry Ceilometer 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain XAUTHTOKEN values by reading the message queue...

CVE-2014-4615

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry Ceilometer 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain XAUTHTOKEN values by reading the message queue...

Xxe

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry Ceilometer 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain XAUTHTOKEN values by reading the message queue...

CVE-2014-4615

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry Ceilometer 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain XAUTHTOKEN values by reading the message queue...

CVE-2014-4615

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry Ceilometer 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain XAUTHTOKEN values by reading the message queue...

pycadf: token leak to message queue

It was found that authentication tokens were not properly sanitized from the message queue by the notifier middleware. An attacker with read access to the message queue could possibly use this flaw to intercept an authentication token and gain elevated privileges. Note that all services using the...

Important: Red Hat Security Advisory: openstack-ceilometer security and bug fix update

Updated OpenStack Telemetry packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which give...

UBUNTU-CVE-2014-4615

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry Ceilometer 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain XAUTHTOKEN values by reading the message queue...

CVE-2014-4615

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry Ceilometer 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain XAUTHTOKEN values by reading the message queue...

wireshark: MQ dissector crash (wnpa-sec-2013-58, upstream bug 9079)

The dissectmqrr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service application crash via a crafted packet...

Solaris 9 (x86) : 142848-04

Message Queue 4.4 Update 2 Patch 1x86 SunOS 5.9 5.10 Core product. Date this patch was last updated by Sun : Nov/19/10 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...