CVE-2021-35095

Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile...

Race condition

Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile...

Design/Logic Flaw

Processing DCB/AVB algorithm with an invalid queue index from IOCTL request could lead to arbitrary address modification in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

CVE-2021-35095

CVE-2021-35095 is a Qualcomm/Qualcomm-derived issue affecting Snapdragon components (Snapdragon Connectivity and Snapdragon Mobile) where improper serialization of message queue client registrations can cause a race condition, allowing multiple gunyah message clients to register with the same lab...

CVE-2021-35095

Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile...

PT-2022-10415 · Qualcomm · Snapdragon Mobile +1

Name of the Vulnerable Software and Affected Versions: Snapdragon Connectivity, Snapdragon Mobile affected versions not specified Description: The issue is related to improper serialization of message queue client registration, which can cause a race condition. This condition allows multiple guny...

PT-2022-10412 · Qualcomm · Snapdragon

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: The issue arises from the processing of DCB/AVB algorithm with an invalid queue index from an IOCTL request, potentially leading to arbitrary address modification. This affects...

The vulnerability of the ClamAV antivirus software lies in the overflow of buffers in the queue, allowing a hacker to execute arbitrary code.

The vulnerability of the ClamAV antivirus software is related to buffer overflow attacks. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending specially crafted data...

Flower Denial of Service Vulnerability

Flower is a Web-based, real-time monitoring and management of Celery distributed task queues. A denial of service vulnerability exists in the May 2, 2022 version of Flower and prior versions, which stems from being vulnerable to OAuth authentication bypass. An attacker can use this vulnerability ...

DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash

A flaw was found in the vhost library in DPDK. Function vhostusersetinflightfd does not validate msg-payload.inflight.numqueues, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability...

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from gzip, jackson-databind, libssh, gnutls, nettle and zlib

Summary Multiple issues were identified in Red Hat UBIubi8/ubi-minimal v8.5-x packages gzip, libssh, gnutls, nettle, zlib and jackson-databind that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID: CVE-2021-3634 DESCRIPTION: libssh is...

GHSA-9QGF-4FPF-CMH2 Improper Neutralization of Input During Web Page Generation in Jenkins

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executor...

GHSA-Q4WP-8C99-69PW Improper permission checks allow canceling queue items and aborting builds in Jenkins

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read permission. Jenkins 2.300, LTS 2.289.2 requires that users have Item/Read permission for applicable types ...

Improper permission checks allow canceling queue items and aborting builds in Jenkins

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read permission. Jenkins 2.300, LTS 2.289.2 requires that users have Item/Read permission for applicable types ...

Stored XSS vulnerability in computer-queue-plugin Plugin

computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure permission. computer-queue-plugin Plugin 1.6 escapes the agent name in tooltips...

GHSA-QG66-XV7V-M834 Stored XSS vulnerability in computer-queue-plugin Plugin

computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure permission. computer-queue-plugin Plugin 1.6 escapes the agent name in tooltips...

Reflected XSS vulnerability in Jenkins Queue cleanup Plugin

A form validation HTTP endpoint in Queue cleanup Plugin 1.3 and earlier does not escape a query parameter displayed in an error message. This results in a reflected cross-site scripting vulnerability XSS. Queue cleanup Plugin 1.4 correctly escapes the query parameter...

GHSA-M7PR-M4CX-6M22 Reflected XSS vulnerability in Jenkins Queue cleanup Plugin

A form validation HTTP endpoint in Queue cleanup Plugin 1.3 and earlier does not escape a query parameter displayed in an error message. This results in a reflected cross-site scripting vulnerability XSS. Queue cleanup Plugin 1.4 correctly escapes the query parameter...

GHSA-HGR8-6H9X-F7Q9 golang.org/x/net/http vulnerable to ping floods

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU,...

Uncontrolled Resource Consumption

Some HTTP/2 implementations is vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU,...