GSD-2022-1000232 gve: fix the wrong AdminQ buffer queue index check

gve: fix the wrong AdminQ buffer queue index check This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.99 by commit...

Vulnerability fixed in IBM MQ

A vulnerability has been fixed in IBM MQ for the Solaris platform. A malicious party could potentially exploit the vulnerability to cause a denial-of-service via the Queue Manager channel process. IBM has released updates to fix the vulnerability in MQ 9.1. For more information, see:...

The vulnerability of the ANGLE library in Google Chrome browser allows a hacker to bypass existing security restrictions.

The vulnerability of the ANGLE library in the Google Chrome browser is related to buffer overflow in the queue mechanism. Exploiting this vulnerability can allow an attacker to bypass existing security restrictions remotely...

GHSA-3H2H-XQR2-2JP7 Cross-site Scripting (XSS) in Apache ActiveMQ Artemis

In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and th...

AlmaLinux 8 : qt5-qtbase and qt5-qtwebsockets (ALSA-2020:4690)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4690 advisory. - Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to...

beanstalk_console 跨站脚本漏洞

beanstalkconsole is the management console for the Beanstalk Queue Server and is written in PHP. A cross-site scripting vulnerability exists in beanstalkconsole, which stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to...

beanstalk_console 跨站脚本漏洞

beanstalkconsole is the administration console for the Beanstalk Queue Server and is written in PHP. A cross-site scripting vulnerability exists in beanstalkconsole, which stems from a cross-site scripting vulnerability in beanstalkconsole...

The vulnerability of IDEMIA’s biometric identification systems’ microprogramming software, related to buffer overflow in the queue, allows a intruder to gain remote access to the device.

The vulnerability of IDEMIA’s biometric identification systems’ microprogramming software is related to buffer overflow attacks. Exploiting this vulnerability could allow attackers to gain remote access to the device...

PT-2022-2006

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.17-rc8 Description An out-of-bounds OOB memory write flaw exists in the watch queue event notification subsystem. This issue allows the overwriting of parts of the kernel state, which could enable a local user ...

PT-2022-10040 · Stormshield · Stormshield Network Security

Name of the Vulnerable Software and Affected Versions: Stormshield Network Security SNS versions 1.0.0 through 2.7.8 Stormshield Network Security SNS versions 2.8.0 through 2.16.0 Stormshield Network Security SNS versions 3.0.0 through 3.7.20 Stormshield Network Security SNS versions 3.8.0 throug...

Medium: kernel

Issue Overview: An issue was discovered in the Linux kernel. Fastrpcinternalinvoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages. This is a related issue to CVE-2019-2308. CVE-2021-28375 A flaw was found in the Linux kernel. The rtwwxsetscan driver...

Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot which may be the case when using GSO XDP or software hashing. (CVE-2021-28714)

...

CVE-2022-22159

A vulnerability in the NETISR network queue functionality of Juniper Networks Junos OS kernel allows an attacker to cause a Denial of Service DoS by sending crafted genuine packets to a device. During an attack, the routing protocol daemon rpd CPU may reach 100% utilization, yet FPC CPUs forwardi...

[SECURITY] Fedora 35 Update: python-kombu-5.2.3-1.fc35

AMQP is the Advanced Message Queuing Protocol, an open standard protocol for message orientation, queuing, routing, reliability and security. One of the most popular implementations of AMQP is RabbitMQ. The aim of Kombu is to make messaging in Python as easy as possible by providing an idiomatic...

[SECURITY] Fedora 35 Update: python-celery-5.2.3-2.fc35

An open source asynchronous task queue/job queue based on distributed message passing. It is focused on real-time operation, but supports scheduling as well. The execution units, called tasks, are executed concurrently on one or more worker nodes using multiprocessing, Eventlet or gevent. Tasks c...

Fedora: Security Advisory for python-celery (FEDORA-2022-1dae017601)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Mozilla: Use-after-free of ChannelEventQueue::mOwner

The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...

Mozilla: Use-after-free of ChannelEventQueue::mOwner

The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...

Mozilla: Use-after-free of ChannelEventQueue::mOwner

The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...

Mozilla: Use-after-free of ChannelEventQueue::mOwner

The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...