PT-2024-20700 · Ibm · Ibm Mq

Name of the Vulnerable Software and Affected Versions: IBM MQ versions 9.2 LTS through 9.3 CD Description: The issue allows a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. Recommendations: For IBM MQ versions 9.2 LTS through 9.3 CD,...

kernel: drm/amdkfd: Add missing gfx11 MQD manager callbacks

A NULL pointer dereference was found in the AMD KFD driver for GFX11 GPUs. The mqdstride callback was not assigned for GFX11 hardware, causing crashes when accessing the MQD debugfs interface...

IBM MQ Appliance 安全漏洞

The IBM MQ Appliance is an all-in-one appliance for rapid deployment of enterprise-class messaging middleware. The IBM MQ Appliance suffers from a buffer overflow vulnerability that originates from not properly checking boundaries, which can be exploited by an attacker to overflow a buffer and...

SUSE CVE-2024-26886

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: afbluetooth: Fix deadlock Attemting to do socklock on .recvmsg may cause a deadlock as shown bellow, so instead of using socksock this uses skreceivequeue.lock on btsockioctl to avoid the UAF: INFO: task kworker/u9:1:1...

PT-2024-25427 · Ibm · Websphere Mq

Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.0.0 through 2.1.0 Checkmk versions prior to 2.2.0p26 Checkmk versions prior to 2.3.0b5 Description: The issue allows a local attacker to inject an argument to runmqsc, potentially due to an untrusted data vulnerability in t...

RT-Thread 安全漏洞

RT-Thread is an open source IoT real-time operating system RTOS from RT-Thread Open Source. A security vulnerability exists in RT-Thread version 5.0.2, which stems from a stack-based buffer overflow in libc/posix/ipc/mqueue.c. The vulnerability is caused by the presence of a stack-based buffer...

Vulnerabilities fixed in IBM MQ

IBM has fixed vulnerabilities in MQ. A malicious party could exploit the exploit the vulnerabilities to cause a denial-of-service gain access to sensitive data, or to launch a Cross-Site-Scripting XSS attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or...

CVE-2021-47069

In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry domqtimedreceive calls wqsleep with a stack local address. The sender domqtimedsend uses this address to later call pipelinedsend. This leads to a very hard...

PT-2024-2173 · Ibm · Ibm Mq Operator

Name of the Vulnerable Software and Affected Versions: IBM MQ Operator versions 2.0.0 through 2.0.18, 2.2.0 through 2.2.2, 2.3.0 through 2.3.3, 2.4.0 through 2.4.7, 3.0.0, 3.0.1 Description: The issue is related to the use of weaker than expected cryptographic algorithms in IBM MQ Operator, which...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that a domqtimedreceive call may return and make domqtimedsend depend on an invalid address...

PT-2024-10390 · Ibm · Ibm Mq Operator +1

Name of the Vulnerable Software and Affected Versions: IBM MQ Container versions 2.0.0 through 2.0.22, 2.2.0 through 2.2.2, 2.3.0 through 2.3.3, 2.4.0 through 2.4.8, 3.0.0, 3.0.1, 3.1.0 through 3.1.3 Description: The issue is related to the use of weaker than expected cryptographic algorithms in...

CVE-2024-0390

INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit...

Vulnerability fixed in IBM MQ

IBM has fixed a vulnerability in MQ. An unauthenticated malicious party could exploit the vulnerability to cause a denial-of-service attack. IBM has released updates to fix the vulnerability in the supported versions of MQ. For more information, see: https://www.ibm.com/support/pages/node/7096710...

CVE-2023-41442

An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a remote attacker to execute arbitrary code via a crafted request to the MQTT component...

CVE-2023-41442

An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a remote attacker to execute arbitrary code via a crafted request to the MQTT component...

Bosch ctrlX HMI Web Panel Trust Management Issue Vulnerability

Bosch ctrlX HMI Web Panel WR21 is an HMI panel from Bosch Germany. The ctrlX HMI Web Panel WR21 version suffers from a security vulnerability that originates from a security flaw in the Android Agent application, which allows an attacker to take control of the network of a malicious MQTT agent...

CVE-2023-22384

Memory Corruption in VR Service while sending data using Fast Message Queue FMQ...

Memory corruption

Memory Corruption in VR Service while sending data using Fast Message Queue FMQ...

CVE-2023-22384

CVE-2023-22384 describes a memory corruption issue in the VR Service when sending data via Fast Message Queue (FMQ). Public records consistently describe the vulnerability as a buffer copy/memory corruption in VR Service related to FMQ data transfer (CVE-2023-22384; Qualcomm bulletins). The conne...

CVE-2023-22384 Buffer Copy Without Checking Size of Input in VR Service

Memory Corruption in VR Service while sending data using Fast Message Queue FMQ...