149 matches found
CVE-2016-0379
IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights...
A vulnerability in the WebSphere MQ message processing service allows an attacker to trigger a service failure.
A vulnerability in the WebSphere MQ queue manager agent is related to a memory leak. Exploiting it allows a remote attacker to cause service failures (e.g., excessive memory consumption) by triggering multiple errors...
CVE-2016-0260
Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors...
Command injection
runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp...
Design/Logic Flaw
The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended password requirement and read private keys by leveraging the existence of a stash file...
CVE-2014-3684
CVE-2014-3684 affects the TORQUE Resource Manager (lib/Libifl/tm.c, tm_adopt) across 5.0.x, 4.5.x, 4.2.x and earlier. The root cause is that the owner of a process is not validated to also own the adopted session id, enabling remote authenticated users to kill arbitrary processes via a crafted ex...
CVE-2014-4793
IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors...
Postfix 1.1.x Denial of Service Vulnerabilities (2)
No description provided by source. source: http://www.securityfocus.com/bid/8333/info Debian has reported two vulnerabilities in the Postfix mail transfer agent. The first vulnerability, CAN-2003-0468, can allow for an adversary to bounce-scan a private network. It has also been reported that thi...
CVE-2013-4319
pbsmom in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x, 4.x, and earlier does not properly restrict access by unprivileged ports, which allows remote authenticated users to execute arbitrary jobs by submitting a command...
CVE-2013-3019: IBM WebSphere MQ CHLAUTH rule bypass
This CVE concerns IBM WebSphere MQ where a vulnerability in CHLAUTH could let an attacker bypass security restrictions. Specifically, a queue-manager map channel authentication rule could, in some configurations with both open and restrictive rules, countermand a restrictive rule of another type ...
CVE-2012-2199
The server message channel agent in the queue manager in the server in IBM WebSphere MQ 7.0.1 before 7.0.1.9, 7.1, and 7.5 on Solaris allows remote attackers to cause a denial of service (invalid address alignment exception and daemon crash) via vectors involving a multiplexed channel...
Security feature bypass
IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors...
CVE-2012-3295
IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors...
CVE-2011-2907
Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 3.0.1 and earlier allows remote attackers to bypass host-based authentication and submit arbitrary jobs via a modified PBSOHOST variable to the qsub program...
Design/Logic Flaw
Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 3.0.1 and earlier allows remote attackers to bypass host-based authentication and submit arbitrary jobs via a modified PBSOHOST variable to the qsub program...
Code injection
IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application...
CVE-2011-1314
The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close operations via network connections to a queue manager...