Security Bulletin: IBM Security Verify Information Queue uses a Node.js package with multiple vulnerabilities
Summary: The web server in IBM Security Verify Information Queue (ISIQ) uses an older version of the node-sass package that has multiple vulnerabilities. As of v10.0.0, ISIQ has upgraded to a newer, secure version of node-sass. Vulnerability Details: CVEID: CVE-2018-11697 DESCRIPTION: LibSass could...
IBM Security Verify Information Queue Authorization Issue Vulnerability
IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. An elevation of privilege vulnerability exists in IBM Security Verify Information Queue. The vulnerability stems from...
IBM Security Verify Information Queue Information Disclosure Vulnerability
IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. An information disclosure vulnerability exists in IBM Security Verify Information Queue. A remote attacker could explo...
IBM Security Verify Information Queue Cross-Site Request Forgery Vulnerability
IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. A cross-site request forgery vulnerability exists in IBM Security Verify Information Queue. An attacker could exploit...
IBM Security Verify Information Queue Security Vulnerability
IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. A denial of service vulnerability exists in IBM Security Verify Information Queue. The vulnerability stems from an...
CVE-2021-25274
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon...
Vulnerability fixed in IBM MQ
A vulnerability has been fixed in IBM MQ. The vulnerability allows a remote malicious person to execute arbitrary code. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6408626...
CVE-2021-21294
Http4s http4s-blaze-server is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its...
Qualcomm WLAN HOST Resource Management Error Vulnerability
Qualcomm WLAN HOST is a wireless LAN component from Qualcomm Incorporated (USA) used in Qualcomm products. A resource management error vulnerability exists in Qualcomm WLAN HOST, which arises from the possibility that an entry in the hash table could be deleted before a frame is placed in the PE que...
PRTG Network Monitor Authenticated RCE
Notifications can be created by an authenticated user and can execute scripts when triggered. Due to poorly validated input on the script name, it is possible to chain it with a user-supplied command, allowing command execution in the context of a privileged user. The module uses provided...
IBM MQ Code Issue Vulnerability
IBM MQ (IBM WebSphere MQ) is a messaging middleware product from IBM. The product mainly provides a reliable and proven messaging backbone for service-oriented architecture (SOA). A remote code execution vulnerability exists in IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD, which is caused ...
Rust Security Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the Rust mayqueue crate through 2020-11-10 because the queue lacks restrictions on its Send or Sync traits, which could be exploited by an attacker to cause a memor...
IBM MQ 7.5 <= 7.5.0.8 / 8.0 <= 8.0.0.6 / 9.0 <= 9.0.0.1 LTS / 9.0.1 <= 9.0.3 CD (563791)
The version of IBM MQ Server running on the remote host is affected by a vulnerability. IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454. Note that Nessus has not tested for this issue...
IBM MQ Internet Pass-Thru Denial of Service Vulnerability
IBM MQ Internet Pass-Thru is an IBM (USA) product that supports messaging between remote sites over the Internet. The product is an extended functionality component of IBM MQ that acts as a protocol channel or proxy for establishing protocols during interactions, making it...
A vulnerability in the Windows operating system’s print queue dispatcher service allows an attacker to escalate their privileges.
The vulnerability in the Windows operating system’s print queue dispatcher stems from deficiencies in access control. Exploiting this vulnerability can allow attackers to escalate their privileges...
CVE-2020-35900
An issue was discovered in the array-queue crate through 2020-09-26 for Rust. A pop_back call may lead to a use-after-free...
Design/Logic Flaw
An issue was discovered in the array-queue crate through 2020-09-26 for Rust. A pop_back call may lead to a use-after-free...
CVE-2020-35900
CVE-2020-35900 affects the Rust array-queue crate (pop_back) and may cause a use-after-free due to incorrect indexing in the pop_back path. Multiple connected advisories (RUSTSEC-2020-0047, GHSA-75CQ-G75G-RXFF, OSV/RUSTSEC mirrors) describe the same issue. The available documents do not specify a...