7461 matches found
DEBIAN-CVE-2018-25021
The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS)...
UBUNTU-CVE-2018-25021
The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS)...
IBM MQ for HP NonStop Security Vulnerability
IBM MQ (IBM WebSphere MQ) is a messaging middleware product from IBM. The product focuses on providing a reliable and validated messaging backbone for Service Oriented Architecture (SOA). A security vulnerability exists in IBM MQ for HP NonStop that stems from vulnerability to an elevation of privile...
Google Android Buffer Error Vulnerability
Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in the Google Android Kernel. The vulnerability stems from an out-of-bounds write due to improper locking in the dwc3_gadget_ep0_queue of ep0.c. An attacker could use this...
What is AMQP Protocol ❓ All you need to know
The cost-free and fast operations of the open-source tool have made them a preferred choice over their closed-source peers. Without putting any hard and fast restrictions on the users, open-source applications have become a norm these days. AMQP Standard is a commonly used messaging protocol used...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while...
The vulnerability of Mediatek Command Queue driver in Android operating systems of Huawei mobile phones allows attackers to escalate their privileges.
The vulnerability of Mediatek’s Command Queue driver in Android operating systems of Huawei mobile phones involves the execution of write operations beyond the buffer in memory. Exploiting this vulnerability can allow attackers to gain increased privileges...
CVE-2021-38949
IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403...
PT-2021-8170 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel version 5.15.0 Description: The vulnerability is related to a use-after-free error in the create_qp function. This issue can be exploited to potentially elevate privileges in the system. The error occurs when the create_qp functi...
PT-2021-8171 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.15.0-rc5 for upstream min debug 2021 10 14 11 06 Description: The vulnerability is related to a null pointer dereference in the mlx5_debug_cq_remove function. If mlx5_core_destroy_cq fails, it proceeds with th...
The vulnerability of the print spooler driver in Windows operating systems allows attackers to perform spoofing attacks.
The vulnerability of the Windows Print Spooler in operating systems related to the print queue handler is associated with information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to perform spoofing attacks remotely...
IBM MQ Security Vulnerability
IBM MQ (IBM WebSphere MQ) is a messaging middleware product from IBM. The product is mainly for the service-oriented architecture (SOA) to provide a reliable and proven messaging backbone. A security vulnerability exists in IBM MQ that stems from a network system or product that does not properly use...
kernel: Use-after-free in nbd_queue_rq() in drivers/block/nbd.c
A use-after-free flaw in the Linux kernel network block device (NBD) subsystem was found in the way a user calls the ioctl NBD_SET_SOCK at a certain point during device setup...
kernel: tcp: add sanity tests to TCP_QUEUE_SEQ
In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity tests to TCP_QUEUE_SEQ Qingyu Li reported a syzkaller bug where the repro changes RCV SEQ after restoring data in the receive queue. mprotect(0x4aa000, 12288, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE,...
Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability
Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write leading to privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and...
PSA: Widespread Remote Working Scam Underway
I've just gotten off the phone with a victim of the scam that I'm about to describe. This is impacting a lot of folks, so please do spread the word. It's infuriating. I'll be around to reply to your comments below, but please do not engage in victim-blaming, because until you've actually been hit by o...
VulnCheck KEV: CVE-2020-0069
Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write leading to privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and...
CVE-2021-35562
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access vi...
Design/Logic Flaw
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access vi...