Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from curl, systemd, and Golang Go
Summary Multiple issues were identified in Red Hat UBI (ubi8/ubi-minimal) v8.6-x packages curl, systemd and Golang Go that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID: CVE-2022-32206 DESCRIPTION: cURL libcurl is vulnerable to a denial o...
Security Bulletin: TADDM 7.2.1.4: Vulnerabilities in embedded JRE.
Abstract Multiple security vulnerabilities exist in the Java Runtime Environments (JREs) IBM JRE 5.0 Service Release 16 or earlier, and non-IBM Java 5.0 or earlier, that can affect the security of IBM Tivoli Application Dependency Discovery Manager. Content VULNERABILITY DETAILS: CVEID: CVE-2013-14...
kernel: ice: Fix memory corruption in VF driver
In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory corruption in VF driver Disable VF's RX/TX queues, when it's disabled. VF can have queues enabled, when it requests a reset. If PF driver assumes that VF is disabled, while VF still has queues configured, VF may...
PT-2024-8456 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The vulnerability is caused by an API design decision in the Linux kernel's net/sched component, specifically in the taprio qdisc. When attempting full offload, the taprio qdisc starts...
PT-2024-8453 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a null pointer dereference in the efx_hard_start_xmit function. This can occur when trying to get the channel from the tx_queue variable, which is wrong because...
GSD-2022-1005754 ice: xsk: prohibit usage of non-balanced queue id
ice: xsk: prohibit usage of non-balanced queue id This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.140 by commit...
PT-2022-34012 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.140 Description: The issue is related to the prohibition of usage of non-balanced queue id in the ice: xsk component. The actual impact and attack plausibility have not yet been proven. Recommendations: Fo...
GSD-2022-1005280 Bluetooth: When HCI work queue is drained, only queue chained work
Bluetooth: When HCI work queue is drained, only queue chained work This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.2 by commit...
PT-2022-33714 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.64 Description: The issue is related to the prohibition of usage of non-balanced queue id in the ice xsk component. The actual impact and attack plausibility have not yet been proven. Recommendations: For...
Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-5616-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5616-1 advisory. Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A...
PT-2022-33313 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.6 Description: The issue is related to the prohibition of usage of non-balanced queue id in the ice: xsk component. The actual impact and attack plausibility have not yet been proven. Recommendations: For...
Ubuntu 22.04 LTS : Linux kernel (Raspberry Pi) vulnerabilities (USN-5602-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5602-1 advisory. Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A...
OESA-2022-1893 kernel security update
Security Fixes: An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user...
Ubuntu 22.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-5599-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5599-1 advisory. Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A...
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5594-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5594-1 advisory. Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow...
activemq-artemis: AMQ Broker web console HTML Injection
A security vulnerability was found in ActiveMQ Artemis. This flaw allows an attacker to show malicious content and redirect users to a malicious URL in the web console by using HTML in the name of an address or queue...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl, pcre2 and Golang Go
Summary Multiple issues were identified in Red Hat UBI (ubi8/ubi-minimal) v8.6-x packages: openssl, pcre2 and Golang Go, that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID: CVE-2022-1962 DESCRIPTION: Golang Go is vulnerable to a denial of...
A vulnerability in the Windows Print Spooler allows attackers to escalate their privileges.
A vulnerability in the Windows Print Spooler, related to the print queue, stems from deficiencies in access control. Exploiting this vulnerability can allow attackers to escalate their privileges...
A vulnerability in the formSetFixTools function of the Tenda M3 router software allows an attacker to cause a denial of service.
A vulnerability in the formSetFixTools function of the Tenda M3 router firmware is related to a buffer overflow in the queue. Exploiting this vulnerability can allow a remote attacker to cause a denial of service...
AZL-10692 CVE-2022-2959 affecting package kernel for versions less than 5.15.67.1-4
A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring. The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the...