CVE-2024-40681

IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager...

CVE-2024-40681

IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager...

CVE-2024-40681

CVE-2024-40681 affects IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD. An authenticated user in a specifically defined role could bypass security restrictions and execute actions against the queue manager. The issue is a security bypass in IBM MQ/Operator context; remediation requi...

CVE-2024-40681 IBM MQ security bypass

IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager...

PT-2024-28983 · Ibm · Ibm Mq +1

Name of the Vulnerable Software and Affected Versions: IBM MQ versions 9.1 LTS through 9.4 CD IBM MQ Operator versions 2.0.26 through 3.2.4 Description: The issue allows an authenticated user in a specifically defined role to bypass security restrictions and execute actions against the queue...

IBM MQ 安全漏洞

IBM MQ Operator is a tool from International Business Machines IBM for managing the lifecycle of IBM MQ Queue Manager. A denial of service vulnerability exists in IBM MQ Operator versions 2.0.26 and 3.2.4, which stems from improper memory allocation and can be exploited by an attacker to cause a...

IBM MQ 安全漏洞

IBM MQ Operator is a tool from International Business Machines IBM for managing the lifecycle of IBM MQ Queue Manager. A security bypass vulnerability exists in IBM MQ Operator versions 2.0.26 and 3.2.4, which can be exploited by an authenticated attacker in a specifically defined role to...

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to denial of service, privilege escalation and kerberos 5

Summary Kerberos 5 and IBM MQ used by IBM MQ Operator and Queue Manager container images are vulnerable to denial of service due to improper memory allocation, and privilege escalation which may lead to bypassing security restrictions. This bulletin identifies the steps required to address these...

SUSE CVE-2024-44964

In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leaks and crashes while performing a soft reset The second tagged commit introduced a UAF, as it removed restoring qvector-vport pointers after reinitializating the structures. This is due to that all queue...

SUSE CVE-2024-44970

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink When all the strides in a WQE have been consumed, the WQE is unlinked from the WQ linked list mlx5wqllpop. For SHAMPO, it is possible to receive CQEs with 0 consumed strides fo...

SUSE CVE-2024-45007

In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Don't destroy workqueue from work item running on it Triggered by a kref decrement, destroyworkqueue may be called from within a work item for destroying its own workqueue. This illegal situation is averted by...

UBUNTU-CVE-2024-45007

In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Don't destroy workqueue from work item running on it Triggered by a kref decrement, destroyworkqueue may be called from within a work item for destroying its own workqueue. This illegal situation is averted by...

AZL-49875 CVE-2024-44970 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink When all the strides in a WQE have been consumed, the WQE is unlinked from the WQ linked list mlx5wqllpop. For SHAMPO, it is possible to receive CQEs with 0 consumed strides fo...

DEBIAN-CVE-2024-44970

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink When all the strides in a WQE have been consumed, the WQE is unlinked from the WQ linked list mlx5wqllpop. For SHAMPO, it is possible to receive CQEs with 0 consumed strides fo...

CVE-2024-44964

In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leaks and crashes while performing a soft reset The second tagged commit introduced a UAF, as it removed restoring qvector-vport pointers after reinitializating the structures. This is due to that all queue...

UBUNTU-CVE-2024-44964

In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leaks and crashes while performing a soft reset The second tagged commit introduced a UAF, as it removed restoring qvector-vport pointers after reinitializating the structures. This is due to that all queue...

UBUNTU-CVE-2024-44970

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink When all the strides in a WQE have been consumed, the WQE is unlinked from the WQ linked list mlx5wqllpop. For SHAMPO, it is possible to receive CQEs with 0 consumed strides fo...

CVE-2024-44964 idpf: fix memory leaks and crashes while performing a soft reset

In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leaks and crashes while performing a soft reset The second tagged commit introduced a UAF, as it removed restoring qvector-vport pointers after reinitializating the structures. This is due to that all queue...

CVE-2024-44964 idpf: fix memory leaks and crashes while performing a soft reset

In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leaks and crashes while performing a soft reset The second tagged commit introduced a UAF, as it removed restoring qvector-vport pointers after reinitializating the structures. This is due to that all queue...

CVE-2024-44964 idpf: fix memory leaks and crashes while performing a soft reset

In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leaks and crashes while performing a soft reset The second tagged commit introduced a UAF, as it removed restoring qvector-vport pointers after reinitializating the structures. This is due to that all queue...