PT-2021-18635

Name of the Vulnerable Software and Affected Versions Sidekiq versions 5.1.3 and earlier Sidekiq versions 6.x through 6.2.0 Description The issue allows for XSS via the queue name of the live-poll feature, specifically when Internet Explorer is used. Recommendations For Sidekiq versions 5.1.3 and...

An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled aka CID-d8861bab48b6.

...

DEBIAN-CVE-2021-29264

An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are...

UBUNTU-CVE-2021-29264

An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are...

CVE-2021-29264

An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are...

dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index a UInt is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...

The vulnerability of Google Chrome’s WebAudio component allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the WebAudio component in the Google Chrome browser is related to buffer overflows in the queue. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

The vulnerability of the Samba AD DC LDAP server, related to errors in processing the “Paged Results” and “ASQ” control elements, allows an attacker to cause a service failure.

The vulnerability of the Samba AD DC LDAP server is related to errors in processing the “Paged Results” and “ASQ” control elements. Exploiting this vulnerability can allow an attacker to cause service failures...

PT-2024-11078 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the mhi queue function in the Linux kernel, which returns an error when the doorbell is not accessible in the current state. This can occur when the device is i...

redhat AMQ 日志信息泄露漏洞

AMQ is a messaging middleware from Redhat that enables high-performance, secure, and reliable transfer of information between different services. A security vulnerability exists in redhat AMQ that arises from the disclosure of JDBC usernames and passwords in application logs...

Security Bulletin: IBM Security Verify Information Queue uses a Node.js proxy library that has a known vulnerability (183561)

Summary The web server in IBM Security Verify Information Queue ISIQ uses an older version of the http-proxy package that has a known vulnerability to a denial of service. As of v10.0.0, ISIQ has upgraded to a newer, secure version of http-proxy. Vulnerability Details Third Party Entry: 183561...

PT-2024-11038 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability has been resolved in the Linux kernel related to the TCP QUEUE SEQ option. The issue was reported by Qingyu Li, who found a syzkaller bug that changes the RCV SEQ after...

CVE-2020-4931

IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747...

IBM MQ Appliance 安全漏洞

The IBM MQ Appliance is an all-in-one appliance for rapid deployment of enterprise-class messaging middleware from IBM USA. A security vulnerability exists in the IBM MQ Appliance, which can be exploited by an attacker to trigger a denial of service by triggering a fatal error through the AMQP...

CVE-2020-4931

IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747...

CVE-2020-11272

Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version later can lead to use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon...

CVE-2020-11272

CVE-2020-11272 is a high-severity flaw affecting Qualcomm WLAN components in Snapdragon-based devices. The root cause is a use-after-free condition caused by deleting an entry in a hash table before enqueuing a frame to the PE queue, which can lead to use of a stale object. Documented impact span...

IBM Security Verify Information Queue Cross-Site Request Forgery Vulnerability

IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. A cross-site request forgery vulnerability exists in IBM Security Verify Information Queue. An attacker could exploit...

IBM Security Verify Information Queue User Credentials Sent in Plaintext Vulnerability

IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. IBM Security Verify Information Queue suffers from a user credentials plaintext delivery vulnerability. An attacker...

IBM Security Verify Information Queue Session Fixation Vulnerability

IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. A session fixation vulnerability exists in IBM Security Verify Information Queue. The vulnerability stems from incorre...