UBUNTU-CVE-2024-40990

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq maxsge attribute maxsge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum allowed value before using it...

Authentication Bypass

github.com/nats-io/nats-server is vulnerable to Authentication bypass. The vulnerability is due to a failure to enforce negative user permissions in one scenario. Attackers can exploit this by using a queue subscription on the wildcard to access denied subjects...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the RDMA/mlx5 component failing to check if the value of the maxsge attribute of an SRQ exceeds the maximum...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a memory leak in the wifi:mac80211:mesh component that has a meshpreqqueue object...

NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects

NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one scenario. By using a queue subscription on the wildcard, an attacker could exploit this vulnerabilit...

UBUNTU-CVE-2022-29946

NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one scenario. By using a queue subscription on the wildcard, an attacker could exploit this vulnerabilit...

CVE-2024-39531

An Improper Handling of Values vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a Denial-of-Service DoS. If a value is configured for DDoS bandwidth or burst parameters for any...

CVE-2024-39531 Junos OS Evolved: ACX 7000 Series: Protocol specific DDoS configuration affects other protocols

An Improper Handling of Values vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a Denial-of-Service DoS. If a value is configured for DDoS bandwidth or burst parameters for any...

PYSEC-2024-269

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the /queue/join? endpoint with "fnindex":66. This unrestricted server restart capability can severely disrupt service availability, cause data loss or...

PYSEC-2024-269

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the /queue/join? endpoint with "fnindex":66. This unrestricted server restart capability can severely disrupt service availability, cause data loss or...

DEBIAN-CVE-2024-39492

In the Linux kernel, the following vulnerability has been resolved: mailbox: mtk-cmdq: Fix pmruntimegetsync warning in mbox shutdown The return value of pmruntimegetsync in cmdqmboxshutdown will return 1 when pm runtime state is active, and we don't want to get the warning message in this case. S...

PT-2024-29801 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue arises from a change in how the maximum segment size is handled, specifically in the sdhci component. The function blk queue max segment size ensures that the maximum size is...

CVE-2024-31327

In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

BIT-DISCOURSE-2024-36122 Discourse doesn't limit reviewable user serializer payload

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the beta and tests-passed branches, moderators using the review queue to review users may see a users email address even when the Allow moderators to view email addresses settin...

PT-2024-23973 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of...

CVE-2024-39742

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169...

IBM MQ Operator Security Vulnerability

IBM MQ Operator is a tool from International Business Machines IBM for managing the lifecycle of IBM MQ Queue Manager. A security vulnerability exists in IBM MQ Operator version 3.2.2, version 2.0.24, which stems from a vulnerability that allows a user to bypass authentication under certain...

IBM MQ Operator Security Vulnerability

IBM MQ Operator is a tool from International Business Machines IBM for managing the lifecycle of IBM MQ Queue Manager. A security vulnerability exists in IBM MQ Operator version 3.2.2, version 2.0.24, which originates from allowing users to cause a denial of service due to a partial string...

PT-2024-29217

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock vulnerability has been resolved in the Linux kernel, specifically in the net: ks8851 module. The issue occurs when SMP is enabled and spinlocks are functional, causing a...

The vulnerability of the config_eq_output component (libavfilter/asrc_afirsrc.c) in the FFmpeg multimedia library allows a attacker to execute arbitrary code.

The vulnerability of the configeqoutput component libavfilter/asrcafirsrc.c in the FFmpeg multimedia library is related to buffer overflow in the “queue” mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code...