21 matches found
EUVD-2024-3294
Malicious code in bioql PyPI...
EUVD-2022-27465
Malicious code in bioql PyPI...
Security Bulletin: RabbitMQ HTTP API Authorization Bypass Allows Unauthorized Queue Deletion
Summary RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host...
RabbitMQ 3.12.x < 3.12.11 Queue Deletion Authorization Bypass
The version of RabbitMQ installed on the remote host is 3.12.x prior to 3.2.11. It is, therefore, affected by an authorization bypass vulnerability: - RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying...
BIT-RABBITMQ-2024-51988 HTTP API's queue deletion endpoint does not verify that the user has a required permission
RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3. HT...
CVE-2024-51988
RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3...
CVE-2024-51988
RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3. HT...
UBUNTU-CVE-2024-51988
RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3. HT...
RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission
Summary Queue deletion via the HTTP API was not verifying the configure permission of the user. Impact Users who had all of the following: 1. Valid credentials 2. Some permissions for the target virtual host 3. HTTP API access could delete queues it had no deletion permissions for. Workarounds...
GHSA-PJ33-75X5-32J4 RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission
Summary Queue deletion via the HTTP API was not verifying the configure permission of the user. Impact Users who had all of the following: 1. Valid credentials 2. Some permissions for the target virtual host 3. HTTP API access could delete queues it had no deletion permissions for. Workarounds...
CVE-2024-51988 HTTP API's queue deletion endpoint does not verify that the user has a required permission
RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3. HT...
CVE-2024-51988 HTTP API's queue deletion endpoint does not verify that the user has a required permission
RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3. HT...
CVE-2024-51988
CVE-2024-51988 affects RabbitMQ: queue deletion via the HTTP API could bypass the configure permission, allowing users with credentials, some vhost permissions, and HTTP API access to delete queues they should not. Affected versions include Open Source RabbitMQ up to 3.12.10 (fixed in 3.12.11) an...
CVE-2022-48914
CVE-2022-48914 affects the Linux kernel’s xen_netfront/xennet_destroy_queues path. The vulnerability arises because xennet_destroy_queues() relies on netdev->real_num_tx_queues, which is cleared after unregister_netdev() due to net-sysfs changes, causing a NULL dereference when freeing queues ...
Security Bulletin: IBM Robotic Process Automation before 21.0.2 and 21.0.1.2 could allow a queue to be deleted by a registered user.
Summary IBM Robotic Process Automation before 21.0.2 and 21.0.1.2 could allow a queue to be deleted by a registered user. This could cause a disruption on any RPA scripts dependent on queues. Vulnerability Details CVEID: CVE-2022-22319 DESCRIPTION: IBM Robotic Process Automation could allow a...
IBM Robotic Process Automation Licensing Issue Vulnerability
IBM Robotic Process Automation is a robotic process automation product from IBM Corporation. IBM Robotic Process Automation version 21.0.1 contains an authorization issue vulnerability that stems from the application's lack of privilege restrictions on queue deletion, which could be exploited by ...
IBM Robotic Process Automation 安全漏洞
IBM Robotic Process Automation is a robotic process automation product from IBM Corporation. IBM Robotic Process Automation version 21.0.1 contains an authorization issue vulnerability that stems from the application's lack of privilege restrictions on queue deletion, which could be exploited by ...
PT-2022-15358 · Ibm · Ibm Robotic Process Automation
Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation version 21.0.1 Description: The issue allows a registered user on the system to physically delete a queue, which could cause disruption for any scripts dependent on the queue. Recommendations: For IBM Robotic...
CVE-2022-22319
IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. IBM X-Force ID: 218366...
Security Bulletin: IBM Robotic Process Automation before 21.0.2 and 21.0.1.2 could allow a queue to be deleted by a registered user.
Summary IBM Robotic Process Automation before 21.0.2 and 21.0.1.2 could allow a queue to be deleted by a registered user. This could cause a disruption on any RPA scripts dependent on queues. Vulnerability Details CVEID: CVE-2022-22319 DESCRIPTION: IBM Robotic Process Automation could allow a...