7525 matches found
CVE-2023-50727 Resque vulnerable to reflected XSS in Queue Endpoint
Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue occurs when /queues is appended with /". This issue has been patched in version 2.6.0...
queue-cafe.de Improper Access Control vulnerability OBB-3820188
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Resque Cross-Site Scripting Vulnerability
Resque Scheduler is an open-source, lightweight job scheduling system built on Resque. Resque versions prior to 2.1.0 contain a cross-site scripting vulnerability; the issue stems from reflected cross-site scripting (XSS) through the currentqueue parameter in the queues endpoint path...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the currentqueue parameter in the path of the queues endpoint. An attacker can manipulate the output displayed to the user by injecting malicious scripts into the web page. Details: Cross-site scripting or XS...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the currentqueue portion of the path on the /queues endpoint. An attacker can manipulate the output of the web page by injecting malicious scripts into the URL path. Details: Cross-site scripting or XSS is a...
Resque vulnerable to reflected XSS in Queue Endpoint
Impact: Reflected XSS can be performed using the currentqueue portion of the path on the /queues endpoint of resque-web. Patches: v2.6.0. Workarounds: No known workarounds at this time. It is recommended to not click on third-party or untrusted links to the resque-web interface until you have patched...
GHSA-R9MQ-M72X-257G Resque vulnerable to reflected XSS in Queue Endpoint
Impact: Reflected XSS can be performed using the currentqueue portion of the path on the /queues endpoint of resque-web. Patches: v2.6.0. Workarounds: No known workarounds at this time. It is recommended to not click on third-party or untrusted links to the resque-web interface until you have patched...
PT-2023-31623 · Resque · Resque
Name of the Vulnerable Software and Affected Versions: Resque versions prior to 2.1.0. Description: The issue is related to reflected cross-site scripting (XSS) through the currentqueue parameter in the path of the queues endpoint. This allows for potential exploitation by manipulating the endpoint...
Security Bulletin: IBM Security Verify Information Queue has a third-party library vulnerability (CVE-2023-43642)
Summary: IBM Security Verify Information Queue (ISIQ) v10.0.7 has upgraded its Apache Kafka client to remediate a vulnerability in the snappy-java compression library. Vulnerability Details: CVEID: CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from shadow-utils, procps-ng, containerd, urllib3, nghttp2 and Golang
Summary: Multiple issues identified in Red Hat UBI packages, go-toolset and OSE are fixed and shipped with IBM MQ Operator and IBM-supplied MQ Advanced container images. Vulnerability Details: CVEID: CVE-2023-25153 DESCRIPTION: containerd is vulnerable to a denial of service, caused by a memory...
Vulnerability fixed in IBM MQ
IBM has fixed a vulnerability in MQ. An unauthenticated malicious party could exploit the vulnerability to cause a denial-of-service attack. IBM has released updates to fix the vulnerability in the supported versions of MQ. For more information, see: https://www.ibm.com/support/pages/node/7096710...
USN-6549-3: Linux kernel (Low Latency) vulnerabilities
It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). CVE-2023-37453 Lin Ma...
CVE-2023-6193
quiche versions 0.15.0 through 0.19.0 were discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. ...
USN-6534-2: Linux kernel vulnerabilities
It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). CVE-2023-37453 Lin Ma...
CVE-2023-41119
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function dbms_aq.move_to_exception_queue, which may be used to elevate a user's privileges to superuser. This...
EnterpriseDB Postgres Advanced Server Security Vulnerability
EnterpriseDB Postgres Advanced Server (EPAS) is an application from EnterpriseDB, Inc. used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that stems from the inclusion of the function dbms_aq.move_to_exception_queue, which can...
PT-2023-32560 · Quiche · Quiche
Name of the Vulnerable Software and Affected Versions: quiche versions 0.15.0 through 0.19.0. Description: The issue is related to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation requires that the recipient of a PATH_CHALLENGE...
PT-2023-27802 · Enterprisedb · Enterprisedb Postgres Advanced Server
Name of the Vulnerable Software and Affected Versions: EnterpriseDB Postgres Advanced Server (EPAS) versions prior to 11.21.32; EnterpriseDB Postgres Advanced Server (EPAS) versions 12.x prior to 12.16.20; EnterpriseDB Postgres Advanced Server (EPAS) versions 13.x prior to 13.12.16; EnterpriseDB Postgres...
New PoolParty Process Injection Techniques Outsmart Top EDR Solutions
A new collection of eight process injection techniques, collectively dubbed PoolParty, could be exploited to achieve code execution on Windows systems while evading endpoint detection and response (EDR) systems. SafeBreach researcher Alon Leviev said the methods are "capable of working across all...