
7461 matches found

CVE
added 2022/05/09 4:35 p.m. · 101 views

CVE-2022-22319

IBM Robotic Process Automation 21.0.1 contains an authorization issue: a registered user can delete a queue, disrupting scripts dependent on that queue. The root cause is lack of privilege restrictions on queue deletion. A fix is available: upgrade to IBM Robotic Process Automation 21.0.1.2 or hi...

CVSS 5.5 · AI score 5.3 · EPSS 0.0031
Exploits 0 · References 3 · Affected Software 2

CNNVD
added 2022/05/09 12:0 a.m. · 1 views

IBM Robotic Process Automation security vulnerability

IBM Robotic Process Automation is a robotic process automation product from IBM Corporation. IBM Robotic Process Automation version 21.0.1 contains an authorization issue vulnerability that stems from the application's lack of privilege restrictions on queue deletion, which could be exploited by ...

CVSS 5.5 · AI score 5.2 · EPSS 0.0031
Exploits 0 · References 4

Positive Technologies
added 2022/05/09 12:0 a.m. · 2 views

PT-2022-15358 · Ibm · Ibm Robotic Process Automation

Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation version 21.0.1 Description: The issue allows a registered user on the system to physically delete a queue, which could cause disruption for any scripts dependent on the queue. Recommendations: For IBM Robotic...

CVSS 5.5 · AI score 4.6 · EPSS 0.0031
Exploits 0 · References 5

ATTACKERKB
added 2022/05/06 12:0 a.m. · 3 views

CVE-2022-22319

IBM Robotic Process Automation 21.0.1 could allow a registered user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. IBM X-Force ID: 218366...

CVSS 5.5 · AI score 5.8 · EPSS 0.0031
Exploits 0 · References 4 · Affected Software 2

Github Security Blog
added 2022/05/02 6:20 a.m. · 20 views

Cross-site request forgery in Apache ActiveMQ

Cross-site request forgery CSRF vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action...

CVSS 6.8 · AI score 7.7 · EPSS 0.00437
Exploits 1 · References 9 · Affected Software 1

OSV
added 2022/05/02 6:20 a.m. · 26 views

GHSA-33J4-8VCR-F79V Cross-site request forgery in Apache ActiveMQ

Cross-site request forgery CSRF vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action...

CVSS 6.8 · AI score 6.8 · EPSS 0.00437
Exploits 1 · References 9

OSV
added 2022/05/02 6:14 a.m. · 24 views

GHSA-MXF7-PV8Q-294H Cross-site scripting in Apache ActiveMQ

Cross-site scripting XSS vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action...

CVSS 3.5 · AI score 5 · EPSS 0.00455
Exploits 2 · References 14

Github Security Blog
added 2022/05/02 6:14 a.m. · 26 views

Cross-site scripting in Apache ActiveMQ

Cross-site scripting XSS vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action...

CVSS 3.5 · AI score 5.6 · EPSS 0.00455
Exploits 2 · References 14 · Affected Software 1

CNNVD
added 2022/05/02 12:0 a.m. · 1 views

Qualcomm input validation error vulnerability

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way of miniaturizing circuits including primarily semiconductor devices, but also passive components, etc. and from time to time fabricated on the surface of semiconductor wafers. A security vulnerability exists in the Modem module of...

CVSS 6.7 · AI score 6.8 · EPSS 0.00036
Exploits 0 · References 4

Positive Technologies
added 2022/04/25 12:0 a.m. · 5 views

PT-2022-6661 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: A use after free issue was discovered in the driver/firewire component of the Linux Kernel, specifically in the outbound phy packet callback function. This flaw allows a local attacker...

CVSS 9.8 · AI score 7.4 · EPSS 0.9427
Exploits 224 · References 1158

Oracle linux
added 2022/04/25 12:0 a.m. · 91 views

Unbreakable Enterprise kernel security update

4.14.35-2047.512.6 - Revert 'rds/ib: recover rds connection from stuck rx path' Rohit Nair Orabug: 34039271 - uek-rpm: update kABI lists for new symbols Saeed Mirzamohammadi Orabug: 33993774 4.14.35-2047.512.5 - netfilter: nftables: initialize registers in nftdochain Pablo Neira Ayuso Orabug:...

CVSS 9 · EPSS 0.81981
Exploits 137

OSV
added 2022/04/24 10:4 p.m. · 6 views

GSD-2022-1002026 watch_queue: Free the page array when watch_queue is dismantled

watch_queue: Free the page array when watch_queue is dismantled. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.110 by commit...

AI score 7.2
Exploits 0

OSV
added 2022/04/24 8:40 p.m. · 6 views

GSD-2022-1001023 net: sfc: add missing xdp queue reinitialization

net: sfc: add missing xdp queue reinitialization This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.3 by commit...

AI score 7.2
Exploits 0

vulnersOsv
added 2022/04/23 12:40 a.m. · 3 views

com.buildcoin.plugins.jenkins:buildcoin-plugin (>=1.0 <=1.4), com.coravy.hudson.plugins.github:github (>=1.1 <=1.8) +99 more potentially affected by CVE-2012-0785 via org.jenkins-ci.main:jenkins-core (>=1.425 <=1.446)

org.jenkins-ci.main:jenkins-core MAVEN version =1.425, =1.0, =1.1, =0.3.2, =1.1, =1.0, =0.1, =1.1, =0.2.5, =1.425, =1.425, =1.425, =1.425, =1.446 and more Source cves: CVE-2012-0785 Source advisory: OSV:GHSA-PCHP-C5W8-47GC...

CVSS 7.8 · AI score 7.1 · EPSS 0.01868
Exploits 0

Rapid7 Blog
added 2022/04/22 4:44 p.m. · 101 views

Metasploit Weekly Wrap-Up

ManageEngine ADSelfService Plus Authenticated RCE This module is pretty exciting for us because it's for a vulnerability discovered by our very own Rapid7 researchers Jake Baines, Hernan Diaz, Andrew Iwamaye, and Dan Kelly. The vulnerability allowed for attackers to leverage the "custom script"...

CVSS 7.1 · AI score 0.5 · EPSS 0.90376
Exploits 14

OSV
added 2022/04/09 12:0 a.m. · 479 views

GHSA-86R3-4GQ8-XW8Q Remote Code Execution in Laravel

Withdrawn This advisory has been withdrawn because it is not a security issue and the CVE has been revoked. Original Description A Remote Code Execution RCE vulnerability exists in h laravel 5.8.38 via an unserialize pop chain in 1 destruct in \Routing\PendingResourceRegistration.php, 2 cal in...

CVSS 9.8 · AI score 9.6
Exploits 2 · References 3

CNNVD
added 2022/04/08 12:0 a.m. · 3 views

ID withdrawn

Laravel, a web application framework from the Laravel Team Laravel, has a security vulnerability that stems from a vulnerability in 1 RoutingPendingResourceRegistration.php via destruct, 2 cal in QueueCapsuleManager.php and 3 the deserialization pop-up chain invoke in...

AI score 5.6
Exploits 2

IBM Security Bulletins
added 2022/04/04 9:5 p.m. · 21 views

Security Bulletin: IBM Robotic Process Automation before 21.0.2 and 21.0.1.2 could allow a queue to be deleted by a registered user.

Summary IBM Robotic Process Automation before 21.0.2 and 21.0.1.2 could allow a queue to be deleted by a registered user. This could cause a disruption on any RPA scripts dependent on queues. Vulnerability Details CVEID: CVE-2022-22319 DESCRIPTION: IBM Robotic Process Automation could allow a...

CVSS 5.5 · AI score 1.3 · EPSS 0.0031
Exploits 0 · Affected Software 1

Positive Technologies
added 2022/04/04 12:0 a.m. · 7 views

PT-2022-16893 · Miraheze · Createwiki

Name of the Vulnerable Software and Affected Versions: CreateWiki affected versions not specified Description: CreateWiki is Miraheze's MediaWiki extension for requesting and creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent...

CVSS 5.3 · AI score 5 · EPSS 0.00234
Exploits 0 · References 7

CNNVD
added 2022/04/04 12:0 a.m. · 3 views

CreateWiki authorization issue vulnerability

CreateWiki is Miraheze's MediaWiki extension for requesting and creating wikis. A security vulnerability exists in CreateWiki that stems from the ability to use Special:RequestWikiQueue for anonymous comments when sent directly via POST...

CVSS 5.3 · AI score 5.7 · EPSS 0.00234
Exploits 0 · References 4