Qualcomm 芯片 代码问题漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way of miniaturizing circuits including primarily semiconductor devices, but also passive components, etc., and from time to time manufactured on the surface of semiconductor wafers. A code issue vulnerability exists in multiple Qualcomm...

An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state potentially allowing a local user to gain privileged access or cause a denial of service on the system.

...

CVE-2022-0995

An out-of-bounds OOB memory write flaw was found in the Linux kernel’s watchqueue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system...

DEBIAN-CVE-2022-0995

An out-of-bounds OOB memory write flaw was found in the Linux kernel’s watchqueue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system...

UBUNTU-CVE-2022-0995

An out-of-bounds OOB memory write flaw was found in the Linux kernel’s watchqueue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system...

Vulnerability fixed in IBM MQ

IBM has fixed a vulnerability in IBM MQ. The vulnerability allows an authenticated malicious party to cause a denial-of-service exploit. IBM has released updates to fix the vulnerability. For more information, see: https://www.ibm.com/support/pages/node/6560040...

Linux kernel 缓冲区错误漏洞

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to an elevation of privilege vulnerability, which stems from watchqueue triggering a memory corruption in the Linux kernel that could be exploited by an attacker to gain elevat...

The vulnerability of the `__proto__.write()` function in the Node.js interpreter, related to buffer overflow in the queue, allows a malicious actor to trigger a service failure.

The vulnerability of the proto.write function in the Node.js interpreter is related to buffer overflow in the queue. Exploiting this vulnerability could allow an attacker to cause a denial-of-service attack...

VulnCheck KEV: CVE-2017-6627

A vulnerability in the UDP processing code of Cisco IOS and IOS XE could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and denial of service...

IBM MQ Appliance 安全漏洞

IBM MQ Appliance is an all-in-one appliance for rapid deployment of enterprise-class messaging middleware from IBM USA. A security vulnerability exists in IBM MQ Appliance that originates from a vulnerability that can be exploited by an attacker to read IBM MQ Appliance files via insufficient...

GSD-2022-1000679 gve: fix the wrong AdminQ buffer queue index check

gve: fix the wrong AdminQ buffer queue index check This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.8 by commit...

The vulnerability of the print spooler daemon on Windows operating systems allows attackers to escalate their privileges.

The vulnerability of the Windows Print Spooler in operating systems related to the print queue is associated with security configuration errors. Exploiting this vulnerability can allow attackers to gain increased privileges...

Attacker can DOS VUSD withdrawal by spamming withdrawals of zero tokens

Lines of code Vulnerability details Impact By spamming withdrawal requests of 0, the user can clog the withdrawal queue. For anybody to withdraw their funds somebody has to first unclog it by running processWithdrawal. Depending on the number of spam withdrawals, potentially multiple times. Since...

Security Bulletin: Multiple IBM MQ vulnerabilities affect IBM Sterling Global Mailbox

Summary IBM MQ is shipped with IBM Sterling Global Mailbox. Multiple vulnerabilities impacts IBM MQ. Remediation is available for the issues. Vulnerability Details CVEID: CVE-2019-4227 DESCRIPTION: IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners...

Cisco Nexus 9000 Series Fabric Switches ACI Mode Queue Wedge DoS (cisco-sa-n9kaci-queue-wedge-cLDDEfKF)

According to its self-reported version, Cisco NX-OS System Software in ACI Mode is affected by a denial of service vulnerability. The vulnerability exists in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode. An unauthenticated, remote attacker can exploit thi...

Griefing attack at VUSD withdraw queue is possible

Lines of code Vulnerability details Impact A malicious user can make lots of withdrawal requests to fill up the queue, making VUSD withdrawals unreachable for all other users Proof of Concept There is no control of the size or number of the withdrawal requests, and VUSD will burn even 1 wei amoun...

CVE-2022-25137

A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology routers T6 V3Firmware T6V3V4.1.5cu.748B20211015 and T10 V2Firmware V4.1.8cu.5207B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet...

CVE-2022-25136

A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6 V3Firmware T6V3V4.1.5cu.748B20211015 and T10 V2Firmware V4.1.8cu.5207B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet...

TotoLink routers 命令注入漏洞

TOTOLink T6 is a wireless dual-band router from TotoLink, China.TOTOLink T10 is a wireless network system router from TotoLink, China.A command injection vulnerability exists in the meshSlaveUpdate function of TOTOLINK Technology Routers T6 and T10. An attacker can exploit this vulnerability to...

GSD-2022-1000256 scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()

scsi: bnx2fc: Flush destroywork queue before calling bnx2fcinterfaceput This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.19 by commit...