The vulnerability of the print spooler daemon in Windows operating systems allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the Windows Print Spooler in operating systems related to the print queue handler is associated with insufficient protection of service data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...

The vulnerability of the print spooler daemon on Windows operating systems allows attackers to escalate their privileges.

The vulnerability of the Windows Print Spooler in operating systems related to the print queue is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from expat, Golang Go, gcc, openssl and libxml.

Summary Multiple issues were identified in Red Hat UBIubi8/ubi-minimal v8.5-x packages "expat", "gcc", "openssl", "libxml" and go-toolset v1.16.x that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID: CVE-2022-22825 DESCRIPTION: Expat...

GHSA-8RCQ-P4GH-VMJ8 Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ

The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting XSS attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a...

GHSA-G78X-XMV8-23XP Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/item/ID/api showed information about tasks in the queue typically builds waiting to start. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This h...

CVE-2022-22325

IBM MQ IBM MQ for HPE NonStop 8.1.0 can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. IBM X-Force ID: 218853...

Jenkins allows Unauthorized Viewing of Queue API Information

Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api...

GHSA-5XMF-9VGR-53MJ Jenkins allows Unauthorized Viewing of Queue API Information

Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api...

IBM MQ for HPE NonStop 信息泄露漏洞

IBM MQ IBM WebSphere MQ is a messaging middleware product from IBM. The product is mainly for the service-oriented architecture SOA to provide a reliable and proven messaging backbone. An information disclosure vulnerability exists in IBM MQ for HPE NonStop version 8.1.0, which can be exploited b...

Vulnerabilities fixed in IBM MQ

IBM has fixed multiple vulnerabilities in supporting software supplied with IBM MQ. The vulnerabilities are in Java, Eclipse Jetty and Websphere Liberty and were previously fixed in the individual products. A malicious party could potentially exploit the vulnerabilities to cause a...

The vulnerability of the print spooler daemon on Windows operating systems allows attackers to escalate their privileges.

The vulnerability of the Windows Print Spooler in operating systems related to the print queue is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

IBM Robotic Process Automation Licensing Issue Vulnerability

IBM Robotic Process Automation is a robotic process automation product from IBM Corporation. IBM Robotic Process Automation version 21.0.1 contains an authorization issue vulnerability that stems from the application's lack of privilege restrictions on queue deletion, which could be exploited by ...

kernel: RDMA/rxe: Return CQE error if invalid lkey was supplied

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied RXE is missing update of WQE status in LOCALWRITE failures. This caused the following kernel panic if someone sent an atomic operation with an explicitly wrong lkey. leonro@...

kernel: dm rq: don't queue request to blk-mq during DM suspend

In the Linux kernel, the following vulnerability has been resolved: dm rq: don't queue request to blk-mq during DM suspend DM uses blk-mq's quiesce/unquiesce to stop/start device mapper queue. But blk-mq's unquiesce may come from outside events, such as elevator switch, updating nrrequests or...

kernel: igc: avoid kernel warning when changing RX ring parameters

In the Linux kernel, the following vulnerability has been resolved: igc: avoid kernel warning when changing RX ring parameters Calling ethtool changing the RX ring parameters like this: $ ethtool -G eth0 rx 1024 on igc triggers kernel warnings like this: 225.198467 ------------ cut here...

kernel: Linux kernel: integer overflow and information disclosure via undefined shift operation in drm/amdkfd

A flaw was found in the Linux kernel’s AMD Kernel Fusion Driver amdkfd within the drm subsystem. When either getnumsdmaqueues or getnumxgmisdmaqueues returned 0, the driver performed a bit shift where the number of bits shifted equaled the operand width. Such a shift is undefined behavior in C an...

a2 (>=0.5.0-alpha.6 <=0.5.0-alpha.7), abci-rs (=0.2.0) +425 more potentially affected by unknown CVE via crossbeam-queue (>=0.1.2 <=0.2.0)

crossbeam-queue CARGO version =0.1.2, =0.5.0-alpha.6, =0.0.2, =0.0.1, =0.1.0-alpha.2, =0.1.5, =0.12.0, =0.5.0, =0.1.0, =0.3.0 - amethyst-navigation =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0021...

CVE-2022-22319

IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. IBM X-Force ID: 218366...

CVE-2022-22319

IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. IBM X-Force ID: 218366...

CVE-2022-22319

IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. IBM X-Force ID: 218366...