CVE-2020-14855
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Administration. The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Univers...
CVE-2020-14855
The CVE-2020-14855 vulnerability affects Oracle E-Business Suite’s Oracle Universal Work Queue (component: Work Provider Administration) in the 12.1.3 release. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the Oracle Universal Work Queue, wit...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in the following Oracle E-Business Suite products: Applications Manager, Marketing, Application Object Library, Trade Management, Universal Work Queue, Installed Base, CRM Technical Foundation, One-to-One Fulfillment, Applications Framework, E-Business Suite Secure...
Slow Response to the Client Requests when USIP Mode is Enabled on ADC
When using ADC in Use Source IP (USIP) mode, a slow response to the client requests is experienced. Servers had requests in surge queues that were not processed. Background: The USIP mode enables the NetScaler appliance to communicate with the backend servers by using the original Client IP address a...
CVE-2020-1679
On Juniper Networks PTX and QFX Series devices with packet sampling configured using tunnel-observation mpls-over-udp, sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing Process Daemon (RPD) that synchronized the routing...
Command injection
On Juniper Networks PTX and QFX Series devices with packet sampling configured using tunnel-observation mpls-over-udp, sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing Process Daemon (RPD) that synchronized the routing...
CVE-2020-1679
CVE-2020-1679 affects Juniper Junos OS on PTX/QFX Series when packet sampling is configured with tunnel-observation mpls-over-udp. A malformed packet can stall the Kernel Routing Table (KRT) queue, causing forwarding issues. Affected versions (examples): 17.2X75 prior to 17.2X75-D105; 18.1R3-S11;...
dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out-of-bounds indexing and possible memory corruption...
RUSTSEC-2020-0047 array_queue pop_back() may cause a use-after-free
array_queue implements a circular queue that wraps around an array. However, it fails to properly index into the array in the pop_back function, allowing the reading of previously dropped or uninitialized memory...
array_queue pop_back() may cause a use-after-free
array_queue implements a circular queue that wraps around an array. However, it fails to properly index into the array in the pop_back function, allowing the reading of previously dropped or uninitialized memory...
Moderate: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impac...
CloudBees Jenkins computer-queue-plugin cross-site scripting vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and to run scheduled tasks. A cross-site scripting...
CVE-2020-2259
Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission...
CVE-2020-2259
Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission...
Cross site scripting
Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission...
CVE-2020-2259
Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission...
CVE-2020-2259
Affected software: Jenkins computer-queue-plugin, version 1.5 and earlier. Root cause: the agent name shown in tooltips is not escaped, enabling stored XSS. Impact: requires Agent/Configure permission to exploit; can lead to client-side code execution. Exploitation vector: stored XSS through tool...
PT-2020-15484 · Jenkins · Jenkins Computer-Queue-Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins computer-queue-plugin Plugin versions 1.5 and earlier. Description: The issue results in a stored cross-site scripting (XSS) vulnerability, which can be exploited by attackers with Agent/Configure permission. This occurs because the agen...
CVE-2020-13127
A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKSLISTpt.querystring parameter...
Cisco IOS and Cisco IOS XR Resource Management Error Vulnerability
Cisco IOS and Cisco IOS XR are both operating systems developed by Cisco for its network devices. A security vulnerability in DVMRP in Cisco IOS XR Software, which stems from insufficient queue management of Internet Group Management Protocol (IGMP) packets, could allow an attacker to send carefull...