kernel: ice: xsk: prohibit usage of non-balanced queue id

In the Linux kernel, the following vulnerability has been resolved: ice: xsk: prohibit usage of non-balanced queue id Fix the following scenario: 1. ethtool -L $IFACE rx 8 tx 96 2. xdpsock -q 10 -t -z Above refers to a case where user would like to attach XSK socket in txonly mode at a queue id...

kernel: wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix double listadd at iwlmvmmacwaketxqueue After successfull station association, if station queues are disabled for some reason, the related lists are not emptied. So if some new element is added to the list ...

PT-2025-41059

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s block management queue blk-mq subsystem where a double queue rq call can occur due to early timeouts. This can be triggered in virtual machine use cas...

EasyTor 安全漏洞

EasyTor is a unique queue management system. A security vulnerability exists in EasyTor that originates from allowing authorization to be bypassed via an unspecified method...

Fuzztruction - Prototype Of A Fuzzer That Does Not Directly Mutate Inputs (As Most Fuzzers Do) But Instead Uses A So-Called Generator Application To Produce An Input For Our Fuzzing Target

Fuzztruction is an academic prototype of a fuzzer that does not directly mutate inputs as most fuzzers do but instead uses a so-called generator application to produce an input for our fuzzing target. As programs generating data usually produce the correct representation, our fuzzer mutates the...

CVE-2023-26285

IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418...

Slashing can be frontrunned

Lines of code Vulnerability details Proof of Concept When attempting to withdraw funds, the user calls queueWithdrawal first. queueWithdrawal checks that the caller is not frozen, then marks the withdrawal as pending. function queueWithdrawal uint256 calldata strategyIndexes, IStrategy calldata...

High Reentrancy Withdrawals can be frontrun

Lines of code Vulnerability details Impact A reentrancy attack on the withdrawal functions could allow an attacker to drain the contract of all funds by repeatedly calling the functions faster than transactions can complete. By calling completeQueuedWithdrawal and withdrawBeaconChainETH multiple...

Users can queue a withdrawal and potentially withdraw completely if PAUSED_EIGENPODS_VERIFY_OVERCOMMITTED = false

Lines of code Vulnerability details Impact Users can queue a withdrawal and potentially withdraw completely if PAUSEDEIGENPODSVERIFYOVERCOMMITTED = false Proof of Concept We need to look at two functions. The first one is function verifyOvercommittedStake uint40 validatorIndex,...

CVE-2023-1090

The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-1090

The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Cross site scripting

The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

OPENSUSE-SU-2023:0101-1 Security update for pdns-recursor

This update for pdns-recursor fixes the following issues: pdns-recursor was updated to 4.6.6: fixes deterred spoofing attempts can lead to authoritative servers being marked unavailable boo1209897, CVE-2023-26437 Fixes in 4.6.5: When an expired NSEC3 entry is seen, move it to the front of the...

CVE-2023-1090 WP SMTP Mailing Queue < 2.0.1 - Admin+ Stored XSS

The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-1090

CVE-2023-1090 affects the WordPress plugin SMTP Mailing Queue, where versions before 2.0.1 fail to sanitize/escape certain settings, enabling stored XSS by high-privilege users (e.g., admin) even if unfiltered_html is disallowed (multisite). Impact is described as Stored XSS with potential user i...

WordPress plugin SMTP Mailing Queue 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress SMTP Mailing Queue Plugin < 2.0.1 is vulnerable to Cross Site Scripting (XSS)

Software SMTP Mailing Queue Type Plugin Vulnerable versions 2.0.1 Fixed in 2.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1090 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 120991ade7ed Credits jidle Required privileg...

Buffer overflow in sponge queue functions

Impact The Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more. Patches Yes, see commit fdc6fef0...

GHSA-6W4M-2XHG-2658 Buffer overflow in sponge queue functions

Impact The Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more. Patches Yes, see commit fdc6fef0...

PT-2025-38349

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak was identified in the DRM/amdgpu module during the amdgpu ring fini function. The fences associated with the mes queue were not being freed, leading to a memory leak...