7294 matches found
CVE-2020-4292
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 uses a cross-domain policy file that includes domains that should not be trusted, which could disclose sensitive information. IBM X-Force ID: 176335...
CVE-2020-4292
CVE-2020-4292 affects IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.4. The issue is an overly permissive cross-origin resource sharing (CORS) policy that can disclose sensitive information by including untrusted domains in the policy. The IBM bulletin confirms the root cause as the cro...
PT-2020-6503 · Google +1 · Android Kernel +1
Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to the Mediatek Command Queue driver in Android operating systems, specifically a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This coul...
Security Bulletin: IBM Security Information Queue has overly permissive CORS policy (CVE-2020-4292)
Summary The cross-origin resource sharing (CORS) policy in IBM Security Information Queue (ISIQ) is too permissive. It allows all origins to access the ISIQ Web Server resources when such cross-domain accesses are unnecessary for ISIQ functionality. As of v1.0.5, ISIQ no longer permits cross-origin...
Security Bulletin: IBM Security Information Queue contains hard-coded credentials (CVE-2020-4283)
Summary IBM Security Information Queue (ISIQ) stores the JSON web token (JWT) secret in plain text in one of its YAML files. As of v1.0.5, ISIQ generates an encrypted JWT secret during product configuration. Vulnerability Details CVEID: CVE-2020-4283 DESCRIPTION: IBM Security Information Queue (ISIQ)...
systemd security and bug fix update
239-18.0.2.el81.4 - fix to generate systemd-pstore.service file Orabug: 30230056 - fix netdev is missing for iscsi entry in /etc/fstab Orabug: 25897792 - set 'RemoveIPC=no' in logind.conf as default for OL7.2 Orabug: 22224874 - allow dm remove ioctl to co-operate with UEK3...
CVE-2018-10021
The code in the drivers/scsi/libsas/sas_scsi_host.c file in the Linux kernel allows a physically proximate attacker to cause a memory leak in the ATA command queue and, thus, denial of service by triggering certain failure conditions...
kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c
A flaw was found in the Linux kernel’s block driver implementation (the __blk_drain_queue() function), where a use-after-free condition could be triggered while draining the outstanding command queue in the system's block device subsystem. An attacker could use this flaw to crash the system or corrupt local...
IBM MQ Input Validation Error Vulnerability (CNVD-2020-13051)
IBM MQ (IBM WebSphere MQ) is a messaging middleware product from IBM. The product is mainly for the service-oriented architecture (SOA) to provide a reliable and proven messaging backbone. An input validation error vulnerability exists in IBM MQ version 9.0 LTS, version 8.0 and IBM MQ Appliance versi...
Security Bulletin: Information disclosure vulnerability affects IBM Sterling B2B Integrator (CVE-2015-7437)
Summary IBM Sterling B2B Integrator Queue Watcher displays sensitive information. Vulnerability Details CVEID: CVE-2015-7437 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could allow a local user to obtain sensitive information via Queue Watcher. CVSS Base Score: 5.5 CVSS Temporal...
Security Bulletin: IBM Sterling B2B Integrator has Cross Site Scripting vulnerabilities in Queue Watcher (CVE-2017-1496)
Summary IBM Sterling B2B Integrator Queue Watcher could allow a Cross Site Scripting attack. Vulnerability Details CVEID: CVE-2017-1496 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript cod...
Cross-Site Scripting (XSS)
activemq-web-console is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser via the listing of queue contents in the admin GUI...
CVE-2019-4614
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639...
CVE-2012-4863
IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability...
Design/Logic Flaw
IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability...
jenkins: Stored XSS vulnerability in queue item tooltip
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue item is blocked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executor...
Security Bulletin: IBM Security Information Queue uses database components with known vulnerabilities (CVE-2016-3506, CVE-2018-1058, CVE-2018-10936, CVE-2019-9193)
Summary IBM Security Information Queue (ISIQ) relies on older Oracle JDBC and PostgreSQL JAR files that have known vulnerabilities. As of v1.0.5, ISIQ switched to newer, secure versions of the JAR files. Vulnerability Details CVEID: CVE-2016-3506 DESCRIPTION: Unspecified vulnerability in the JDBC...