CVE-2022-2959

A race condition was found in the Linux kernel's watch queue due to a missing lock in piperesizering. The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the...

CVE-2022-2959

A race condition was found in the Linux kernel's watch queue due to a missing lock in piperesizering. The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the...

CVE-2022-2959

A race condition was found in the Linux kernel's watch queue due to a missing lock in piperesizering. The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the...

UBUNTU-CVE-2022-2959

A race condition was found in the Linux kernel's watch queue due to a missing lock in piperesizering. The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the...

CVE-2022-2959

A race condition was found in the Linux kernel's watch queue due to a missing lock in piperesizering. The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the...

CVE-2022-2959

A race condition was found in the Linux kernel's watch queue due to a missing lock in piperesizering. The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the...

The vulnerability of the Adobe Framemaker desktop publishing system, related to buffer overflows in the queue, allows a hacker to execute arbitrary code.

The vulnerability of the desktop publishing system Adobe Framemaker lies in the overflow of buffers in the queue. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created malicious file...

The vulnerability of the Adobe Framemaker desktop publishing system, related to buffer overflows in the queue, allows a hacker to execute arbitrary code.

The vulnerability of the desktop publishing system Adobe Framemaker lies in the overflow of buffers in the queue. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created malicious file...

Linux Kernel Watch Queue Race Condition Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of pipe...

CVE-2022-2959

A race condition was found in the Linux kernel's watch queue due to a missing lock in the piperesizering. The race condition occurs when a thread uses ioctlIOCWATCHQUEUESETSIZE to resize the pipe buffer and free the old pipe buffer, while another thread uses keyctl to trigger a notification in th...

DEBIAN-CVE-2021-3839

A flaw was found in the vhost library in DPDK. Function vhostusersetinflightfd does not validate msg-payload.inflight.numqueues, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability...

CVE-2021-3763

A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means...

Design/Logic Flaw

In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue...

UBUNTU-CVE-2022-35278

In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue...

CVE-2022-35278

In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue...

CVE-2022-35278

CVE-2022-35278 affects Apache ActiveMQ Artemis before 2.24.0, where HTML in the name of an address/queue can inject HTML into the web console, potentially showing malicious content or redirecting users. Red Hat AMQ Broker advisories confirm a fix in 2.24.0+ (and related advisories list the CVE). ...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a security vulnerability that stems from a lack of locks in its watch queue's piperesizering causing a contention condition. The flaw allows a loc...

CVE-2022-22489

IBM MQ 8.0, 9.0, 9.1, 9.2 LTS, and 9.1 and 9.2 CD are vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226339...

Vulnerability fixed in IBM MQ

IBM has fixed a vulnerability in IBM MQ. Through an XML External Entity Injection XXE, a malicious party can cause a Denial-of-Service by running the MQ environment out of memory run, or gain access to sensitive information. IBM has released updates to fix the vulnerability in MQ 8.0, 9.1 and 9.2...

PT-2022-22680 · Apache · Apache Activemq Artemis

Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ Artemis versions prior to 2.24.0 Description: An issue exists where an attacker could display malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue...