7455 matches found
beanstalk_console 跨站脚本漏洞
beanstalkconsole is the administration console for the Beanstalk Queue Server and is written in PHP. A cross-site scripting vulnerability exists in beanstalkconsole, which stems from a cross-site scripting vulnerability in beanstalkconsole...
The vulnerability of IDEMIA’s biometric identification systems’ microprogramming software, related to buffer overflow in the queue, allows a intruder to gain remote access to the device.
The vulnerability of IDEMIA’s biometric identification systems’ microprogramming software is related to buffer overflow attacks. Exploiting this vulnerability could allow attackers to gain remote access to the device...
PT-2022-2006
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.17-rc8 Description An out-of-bounds OOB memory write flaw exists in the watch queue event notification subsystem. This issue allows the overwriting of parts of the kernel state, which could enable a local user ...
PT-2022-10040 · Stormshield · Stormshield Network Security
Name of the Vulnerable Software and Affected Versions: Stormshield Network Security SNS versions 1.0.0 through 2.7.8 Stormshield Network Security SNS versions 2.8.0 through 2.16.0 Stormshield Network Security SNS versions 3.0.0 through 3.7.20 Stormshield Network Security SNS versions 3.8.0 throug...
Medium: kernel
Issue Overview: An issue was discovered in the Linux kernel. Fastrpcinternalinvoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages. This is a related issue to CVE-2019-2308. CVE-2021-28375 A flaw was found in the Linux kernel. The rtwwxsetscan driver...
Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot which may be the case when using GSO XDP or software hashing. (CVE-2021-28714)
...
CVE-2022-22159
A vulnerability in the NETISR network queue functionality of Juniper Networks Junos OS kernel allows an attacker to cause a Denial of Service DoS by sending crafted genuine packets to a device. During an attack, the routing protocol daemon rpd CPU may reach 100% utilization, yet FPC CPUs forwardi...
[SECURITY] Fedora 35 Update: python-kombu-5.2.3-1.fc35
AMQP is the Advanced Message Queuing Protocol, an open standard protocol for message orientation, queuing, routing, reliability and security. One of the most popular implementations of AMQP is RabbitMQ. The aim of Kombu is to make messaging in Python as easy as possible by providing an idiomatic...
[SECURITY] Fedora 35 Update: python-celery-5.2.3-2.fc35
An open source asynchronous task queue/job queue based on distributed message passing. It is focused on real-time operation, but supports scheduling as well. The execution units, called tasks, are executed concurrently on one or more worker nodes using multiprocessing, Eventlet or gevent. Tasks c...
Fedora: Security Advisory for python-celery (FEDORA-2022-1dae017601)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Mozilla: Use-after-free of ChannelEventQueue::mOwner
The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...
Mozilla: Use-after-free of ChannelEventQueue::mOwner
The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...
Mozilla: Use-after-free of ChannelEventQueue::mOwner
The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...
Mozilla: Use-after-free of ChannelEventQueue::mOwner
The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...
Mozilla: Use-after-free of ChannelEventQueue::mOwner
The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...
Mozilla: Use-after-free of ChannelEventQueue::mOwner
The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...
Mozilla: Use-after-free of ChannelEventQueue::mOwner
The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...
Mozilla: Use-after-free of ChannelEventQueue::mOwner
The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...
PT-2022-1478 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions 17.3R3-S9 through 17.3R3-S12 Juniper Networks Junos OS versions 17.4R3-S3 through 17.4R3-S5 Juniper Networks Junos OS versions 18.1R3-S11 through 18.1R3-S13 Juniper Networks Junos OS versions 18.2R3-S6 and...
CVE-2021-28715
Guest can force Linux netback driver to hog large amounts of kernel memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the...