Lucene search
7515 matches found

OSV
added 2020/09/26 12:0 p.m. | 18 views

RUSTSEC-2020-0047 array_queue pop_back() may cause a use-after-free

array_queue implements a circular queue that wraps around an array. However, it fails to properly index into the array in the pop_back function, allowing the reading of previously dropped or uninitialized memory...

5.5 CVSS | 5.3 AI score | 0.00425 EPSS
Exploits 1 | References 3

RedHat Linux
added 2020/09/22 11:42 a.m. | 588 views

Moderate: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impac...

5.3 CVSS | 6.4 AI score | 0.07291 EPSS
Exploits 5 | References 2

CNVD
added 2020/09/17 12:0 a.m. | 3 views

CloudBees Jenkins computer-queue-plugin cross-site scripting vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. A cross-site scripting...

5.4 CVSS | 6.4 AI score | 0.00735 EPSS
Exploits 0 | References 1

NVD
added 2020/09/16 2:15 p.m. | 14 views

CVE-2020-2259

Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission...

5.4 CVSS | 0.00735 EPSS
Exploits 0 | References 2

OSV
added 2020/09/16 2:15 p.m. | 16 views

CVE-2020-2259

Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission...

5.4 CVSS | 5.5 AI score
Exploits 0 | References 2

Prion
added 2020/09/16 2:15 p.m. | 13 views

Cross site scripting

Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission...

3.5 CVSS | 5.3 AI score | 0.00735 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2020/09/16 1:20 p.m. | 11 views

CVE-2020-2259

Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission...

5.3 AI score | 0.00735 EPSS
Exploits 0 | References 2

CVE
added 2020/09/16 1:20 p.m. | 62 views

CVE-2020-2259

Affected software: Jenkins computer-queue-plugin, version 1.5 and earlier. Root cause: the agent name shown in tooltips is not escaped, enabling stored XSS. Impact: requires Agent/Configure permission to exploit; can lead to client-side code execution. Exploitation vector: stored XSS through tool...

5.4 CVSS | 5.2 AI score | 0.00735 EPSS
Exploits 0 | References 2 | Affected Software 1

Positive Technologies
added 2020/09/16 12:0 a.m. | 2 views

PT-2020-15484 · Jenkins · Jenkins Computer-Queue-Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins computer-queue-plugin Plugin versions 1.5 and earlier. Description: The issue results in a stored cross-site scripting (XSS) vulnerability, which can be exploited by attackers with Agent/Configure permission. This occurs because the agen...

8 CVSS | 5.1 AI score | 0.00735 EPSS
Exploits 0 | References 7

OSV
added 2020/09/09 6:15 p.m. | 5 views

CVE-2020-13127

A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKSLISTpt.querystring parameter...

8.8 CVSS | 7.6 AI score | 0.01378 EPSS
Exploits 1 | References 2

CNVD
added 2020/09/01 12:0 a.m. | 2 views

Cisco IOS and Cisco IOS XR Resource Management Error Vulnerability

Cisco IOS and Cisco IOS XR are both operating systems developed by Cisco for its network devices. A security vulnerability in DVMRP in Cisco IOS XR Software, which stems from insufficient queue management of Internet Group Management Protocol (IGMP) packets, could allow an attacker to send carefull...

8.6 CVSS | 6.9 AI score | 0.03959 EPSS
Exploits 0 | References 1

OSV
added 2020/08/29 4:15 p.m. | 2 views

CVE-2020-3566

A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protoco...

8.6 CVSS | 7.3 AI score | 0.03959 EPSS
Exploits 0 | References 2

Cvelist
added 2020/08/27 12:35 p.m. | 21 views

CVE-2012-2201

IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a SVRCONN channel and flood the queue manager...

7.6 AI score | 0.01693 EPSS
Exploits 0 | References 1

Positive Technologies
added 2020/08/27 12:0 a.m. | 3 views

PT-2020-7199 · IBM · IBM WebSphere MQ

Name of the Vulnerable Software and Affected Versions: IBM WebSphere MQ version 7.1. Description: The issue is related to a denial of service caused by an error when handling user ids. A remote attacker could exploit this to bypass the security configuration setup on a SVRCONN channel and flood th...

7.5 CVSS | 7.4 AI score | 0.01693 EPSS
Exploits 0 | References 2

BDU FSTEC
added 2020/08/26 12:0 a.m. | 3 views

The vulnerability of the Windows operating system’s print queue dispatcher service allows a hacker to escalate their privileges.

The vulnerability of the Windows operating system’s print queue dispatcher is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

7.8 CVSS | 7.5 AI score | 0.14179 EPSS
Exploits 10 | References 4

Microsoft CVE
added 2020/08/18 7:0 a.m. | 2 views

In QEMU 5.0.0 and earlier megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.

...

3.2 CVSS | 7 AI score | 0.00377 EPSS
Exploits 0

Friends Of PHP
added 2020/08/07 9:28 a.m. | 10 views

EZSA-2020-005 Editor XSS and trashed drafts in review queue

More info at https://ezplatform.com/security-advisories/ezsa-2020-005-editor-xss-and-trashed-drafts-in-review-queue...

7.2 AI score
Exploits 0 | Affected Software 1

Friends Of PHP
added 2020/08/07 9:18 a.m. | 11 views

EZSA-2020-005 Editor XSS and trashed drafts in review queue

More info at https://ezplatform.com/security-advisories/ezsa-2020-005-editor-xss-and-trashed-drafts-in-review-queue...

7.2 AI score
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2020/08/05 10:20 a.m. | 27 views

Security Bulletin: IBM MQ could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. (CVE-2020-4375)

Summary: An error was found within the Dynamic queue logic that could cause a memory leak and be exploited by an attacker to cause a denial of service attack. Vulnerability Details: CVEID: CVE-2020-4375. DESCRIPTION: IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could all...

7.5 CVSS | 0.8 AI score | 0.0154 EPSS
Exploits 0 | Affected Software 1

CNVD
added 2020/08/04 12:0 a.m. | 2 views

IBM MQ Denial of Service Vulnerability (CNVD-2020-44895)

IBM MQ (IBM WebSphere MQ) is a messaging middleware product from IBM. The product mainly provides a reliable and proven messaging backbone for service-oriented architecture (SOA). A denial of service vulnerability exists in the queue processing feature in IBM MQ for HPE NonStop Server versio...

6.5 CVSS | 6.7 AI score | 0.01354 EPSS
Exploits 0 | References 1