Mozilla: Use-after-free of ChannelEventQueue::mOwner

The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...

Mozilla: Use-after-free of ChannelEventQueue::mOwner

The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...

Mozilla: Use-after-free of ChannelEventQueue::mOwner

The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...

Mozilla: Use-after-free of ChannelEventQueue::mOwner

The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...

PT-2022-1478 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions 17.3R3-S9 through 17.3R3-S12 Juniper Networks Junos OS versions 17.4R3-S3 through 17.4R3-S5 Juniper Networks Junos OS versions 18.1R3-S11 through 18.1R3-S13 Juniper Networks Junos OS versions 18.2R3-S6 and...

CVE-2021-28715

Guest can force Linux netback driver to hog large amounts of kernel memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the...

Design/Logic Flaw

Guest can force Linux netback driver to hog large amounts of kernel memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the...

CVE-2021-28714

Guest can force Linux netback driver to hog large amounts of kernel memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the...

CVE-2021-23727

A command injection vulnerability was found in the distributed task queue celery, which can lead to remote code execution. An attacker with access to backend results can reconstruct the exception class to act as a command payload which can be queried to the task to execute...

PT-2025-8399

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue has been identified in the Linux kernel, specifically in the blk-throttle component. This issue occurs when a bio block I/O request is throttled and the BIO...

PT-2025-8655

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version Description A memory corruption issue in the VF driver of the Linux kernel has been resolved. The issue occurred when the VF driver assumed that the VF was disabled while it still had queues...

GSD-2021-1002648 audit: improve robustness of the audit queue handling

audit: improve robustness of the audit queue handling This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.222 by commit...

GSD-2021-1002632 audit: improve robustness of the audit queue handling

audit: improve robustness of the audit queue handling This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.259 by commit...

ROS-2-2203

2.2203 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 A vulnerability in the Exim message forwarding agent, is related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...

The vulnerability of the IBM WebSphere MQ messaging software for HPE NonStop operating systems, related to authentication procedures that allow attackers to escalate their privileges.

The vulnerability of the IBM WebSphere MQ messaging software for HPE NonStop operating systems is related to deficiencies in the authentication process when the SharedBindingsUserId attribute is used. Exploiting this vulnerability can allow attackers to gain increased privileges...

Qt 5.12.2 through 5.14.2 as used in unofficial builds of Mumble 1.3.0 and other products mishandles OpenSSL's error queue which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected regardless of the Qt version.)

...

PT-2021-22685 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds write in the dwc3 gadget ep0 queue function of ep0.c due to improper locking. This could lead to local escalation of privilege with no additional execution privilege...

CVE-2021-44522

A vulnerability has been identified in SiPass integrated V2.76 All versions, SiPass integrated V2.80 All versions, SiPass integrated V2.85 All versions, Siveillance Identity V1.5 All versions, Siveillance Identity V1.6 All versions V1.6.284.0. Affected applications insufficiently limit the access...

Design/Logic Flaw

A vulnerability has been identified in SiPass integrated V2.76 All versions, SiPass integrated V2.80 All versions, SiPass integrated V2.85 All versions, Siveillance Identity V1.5 All versions, Siveillance Identity V1.6 All versions V1.6.284.0. Affected applications insufficiently limit the access...

Vulnerabilities fixed in IBM MQ for HPE NonStop Server

Vulnerabilities have been fixed in IBM MQ used in the HPE NonStop Server. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Access to system data Increased user privileges IBM has released updates to f...