
7461 matches found

Vulnrichment
added 2021/10/20 10:50 a.m., 11 views

CVE-2021-35562

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access vi...

CVSS 8.1, AI score 6.8, EPSS 0.00981
Exploits: 0, References: 1

Cvelist
added 2021/10/20 10:50 a.m., 17 views

CVE-2021-35562

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access vi...

CVSS 8.1, AI score 7.8, EPSS 0.00981
Exploits: 0, References: 1

CVE
added 2021/10/20 10:50 a.m., 50 views

CVE-2021-35562

CVE-2021-35562 affects Oracle E-Business Suite Universal Work Queue (Work Provider Site Level Administration). Affects versions 12.1.1–12.1.3 and 12.2.3–12.2.10. Root cause not explicitly detailed in the provided documents, but impact per CVSS is high: low-privilege, network (HTTP) attacker can c...

CVSS 8.5, AI score 7.6, EPSS 0.00981
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2021/10/20 12:0 a.m., 16 views

Oracle E-Business Suite Unauthorized Access Vulnerability (CNVD-2022-02349)

Oracle E-Business Suite is an extension of the original Application ERP and includes a collection of ERP Enterprise Resource Planning Management, HR Human Resource Management, CRM Customer Relationship Management and other applications that are seamlessly integrated into one management suite...

CVSS 8.5, AI score 3.4, EPSS 0.00981
Exploits: 0, References: 1

RedHat Linux
added 2021/10/19 8:23 p.m., 1 view

jenkins: improper permission checks allow canceling queue items and aborting builds

An Incorrect Authorization vulnerability was found in Jenkins. Users with Item/Cancel permission are able to cancel queue items and abort builds of jobs even when they do not have Item/Read permission...

CVSS 4.3, AI score 5.7, EPSS 0.01173
Exploits: 0, References: 5

CNNVD
added 2021/10/19 12:0 a.m., 2 views

Oracle E-Business Suite and Oracle Universal Work Queue Security Vulnerability

Oracle E-Business Suite is an extension of the original Application ERP and includes a collection of ERP Enterprise Resource Planning Management, HR Human Resource Management, CRM Customer Relationship Management and other applications that are seamlessly integrated into one management suite...

CVSS 8.5, AI score 5.7, EPSS 0.00981
Exploits: 0, References: 3

OSV
added 2021/10/18 7:15 a.m., 2 views

CVE-2021-36097

Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions...

CVSS 4.3, AI score 5.8
Exploits: 0, References: 1

Tenable Nessus
added 2021/10/18 12:0 a.m., 25 views

Cisco IOS XE Software Interface Queue Wedge DoS (cisco-sa-quewedge-69BsHUBW)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability in the layer 2 punt code that allows an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resulting in a denial of service (DoS) condition. Thi...

CVSS 7.4, AI score 7.3, EPSS 0.00087
Exploits: 0, References: 4

CNNVD
added 2021/10/18 12:0 a.m., 2 views

OTRS Authorization Issue Vulnerability

OTRS is an application from the German company OTRS. A service management software. An authorization issue vulnerability exists in OTRS, which arises from a product that allows resources to be locked without Owner rights and can be moved to a queue with rw rights for full control. The following...

CVSS 4.3, AI score 5.3, EPSS 0.00115
Exploits: 0, References: 3

OSV
added 2021/10/15 11:3 a.m., 1 view

OESA-2021-1379 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. CVE-2021-3669 CVE-2021-3764 CVE-2021-3744...

CVSS 7.9, AI score 6.9, EPSS 0.00929
Exploits: 6, References: 9

OSV
added 2021/10/11 8:15 a.m., 22 views

CVE-2021-41801

The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time due to the job queue backlog...

CVSS 8.8, AI score 6.6
Exploits: 0, References: 2

NVD
added 2021/10/11 8:15 a.m., 14 views

CVE-2021-41801

The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time due to the job queue backlog...

CVSS 8.8, EPSS 0.00378
Exploits: 0, References: 2

UbuntuCve
added 2021/10/11 8:15 a.m., 24 views

CVE-2021-41801

The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time due to the job queue backlog...

CVSS 8.8, AI score 6.8, EPSS 0.00378
Exploits: 0, References: 3

Debian CVE
added 2021/10/11 7:40 a.m., 25 views

CVE-2021-41801

The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time due to the job queue backlog...

CVSS 8.8, AI score 8.7, EPSS 0.00378
Exploits: 0

Cvelist
added 2021/10/11 7:40 a.m., 15 views

CVE-2021-41801

The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time due to the job queue backlog...

AI score 8.8, EPSS 0.00378
Exploits: 0, References: 2

Tenable Nessus
added 2021/10/11 12:0 a.m., 41 views

Jenkins Enterprise and Operations Center < 2.249.31.0.6 / 2.277.40.0.1 / 2.289.2.2 Multiple Vulnerabilities (CloudBees Security Advisory 2021-06-30)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.x prior to 2.289.2.2, 2.249.x prior to 2.249.31.0.6, or 2.277.x prior to 2.277.40.0.1. It is, therefore, affected by multiple vulnerabilities: - Vulnerable versions of Jenkins allow users to cance...

CVSS 7.5, AI score 6, EPSS 0.01173
Exploits: 0, References: 3

RedHat Linux
added 2021/09/30 7:6 p.m., 4 views

QEMU: usbredir: free() call on invalid pointer in bufp_alloc()

A flaw was found in the USB redirector device emulation of QEMU. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free with faked heap chunk metadata, resulting in a crash ...

CVSS 8.5, AI score 7.5, EPSS 0.00477
Exploits: 0, References: 4

RedHat Linux
added 2021/09/30 9:57 a.m., 1 view

7: Incorrect privilege in Management Console

A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not allow access to the management console. The main impact is to confidentiality as this flaw means...

CVSS 4.3, AI score 5.7, EPSS 0.00166
Exploits: 0, References: 4

BDU FSTEC
added 2021/09/30 12:0 a.m., 1 view

The vulnerability of the real-time operating system FreeRTOS’s kernel allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the function in the queue.c file of the real-time operating system FreeRTOS is caused by a numerical overflow. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

CVSS 9.8, EPSS 0.00213
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2021/09/23 1:15 p.m., 1 view

DEBIAN-CVE-2021-22945

When sending data to an MQTT server, libcurl = 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again...

CVSS 9.1, AI score 6.4, EPSS 0.00353
Exploits: 1, References: 1