
7455 matches found

BDU FSTEC · added 2021/11/25 12:0 a.m. · 1 view

The vulnerability of Mediatek Command Queue driver in Android operating systems of Huawei mobile phones allows attackers to escalate their privileges.

The vulnerability of Mediatek’s Command Queue driver in Android operating systems of Huawei mobile phones involves the execution of write operations beyond the buffer in memory. Exploiting this vulnerability can allow attackers to gain increased privileges...

7.8 CVSS · 0.00767 EPSS
Exploits 2 · References 6

OSV · added 2021/11/16 5:15 p.m. · 2 views

CVE-2021-38949

IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403...

5.5 CVSS · 6.5 AI score · 0.00054 EPSS
Exploits 0 · References 2

Positive Technologies · added 2021/11/16 12:0 a.m. · 4 views

PT-2021-8170 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel version 5.15.0 Description: The vulnerability is related to a use-after-free error in the create qp function. This issue can be exploited to potentially elevate privileges in the system. The error occurs when the create qp functi...

8.4 CVSS · 6.7 AI score · 0.00223 EPSS
Exploits 2 · References 1343

Positive Technologies · added 2021/11/16 12:0 a.m. · 3 views

PT-2021-8171 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.15.0-rc5 for upstream min debug 2021 10 14 11 06 Description: The vulnerability is related to a null pointer dereference in the mlx5_debug_cq_remove function. If mlx5_core_destroy_cq fails, it proceeds with th...

8.4 CVSS · 6.4 AI score · 0.00223 EPSS
Exploits 4 · References 1702

BDU FSTEC · added 2021/11/15 12:0 a.m. · 2 views

The vulnerability of the print spooler driver in Windows operating systems allows attackers to perform spoofing attacks.

The vulnerability of the Windows Print Spooler in operating systems related to the print queue handler is associated with information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to perform spoofing attacks remotely...

10 CVSS · 0.14902 EPSS
Exploits 0 · References 4

CNNVD · added 2021/11/15 12:0 a.m. · 1 view

IBM MQ Security Vulnerability

IBM MQ (IBM WebSphere MQ) is a messaging middleware product from IBM. The product is mainly for the service-oriented architecture (SOA) to provide a reliable and proven messaging backbone. A security vulnerability exists in IBM MQ that stems from a network system or product that does not properly use...

6.2 CVSS · 5.5 AI score · 0.00054 EPSS
Exploits 0 · References 7

RedHat Linux · added 2021/11/09 6:6 p.m. · 1 view

kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c

A use after free flaw in the Linux kernel network block device (NBD) subsystem was found in the way user calls an ioctl NBD_SET_SOCK at a certain point during device setup...

7 CVSS · 7.1 AI score · 0.00095 EPSS
Exploits 0 · References 5

RedHat Linux · added 2021/11/09 6:6 p.m. · 1 view

kernel: tcp: add sanity tests to TCP_QUEUE_SEQ

In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity tests to TCP_QUEUE_SEQ Qingyu Li reported a syzkaller bug where the repro changes RCV SEQ after restoring data in the receive queue. mprotect(0x4aa000, 12288, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE,...

5.5 CVSS · 6.8 AI score · 0.00023 EPSS
Exploits 1 · References 5

CISA KEV Catalog · added 2021/11/03 12:0 a.m. · 30 views

Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability

Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write leading to privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and...

7.8 CVSS · 7.3 AI score · 0.00767 EPSS
In wild · Exploits 2

Wordfence Blog · added 2021/10/28 2:3 p.m. · 12 views

PSA: Widespread Remote Working Scam Underway

I've just gotten off the phone with a victim of the scam that I'm about to describe. This is impacting a lot of folks, so please do spread the word. It's infuriating. I'll be around to reply to your comments below, but please do not engage in victim-blaming, because until you've actually been hit by o...

6.8 AI score
Exploits 0

VulnCheck KEV · added 2021/10/28 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2020-0069

Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write leading to privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and...

7.8 CVSS · 7.3 AI score · 0.51467 EPSS
Exploits 28 · References 1

OSV · added 2021/10/20 11:16 a.m. · 1 view

CVE-2021-35562

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access vi...

8.1 CVSS · 5.8 AI score
Exploits 0 · References 1

NVD · added 2021/10/20 11:16 a.m. · 14 views

CVE-2021-35562

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access vi...

8.5 CVSS · 0.00981 EPSS
Exploits 0 · References 1

Prion · added 2021/10/20 11:16 a.m. · 19 views

Design/Logic Flaw

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access vi...

8.5 CVSS · 8 AI score · 0.00981 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment · added 2021/10/20 10:50 a.m. · 11 views

CVE-2021-35562

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access vi...

8.1 CVSS · 6.8 AI score · 0.00981 EPSS
Exploits 0 · References 1

CVE · added 2021/10/20 10:50 a.m. · 50 views

CVE-2021-35562

CVE-2021-35562 affects Oracle E-Business Suite Universal Work Queue (Work Provider Site Level Administration). Affects versions 12.1.1–12.1.3 and 12.2.3–12.2.10. Root cause not explicitly detailed in the provided documents, but impact per CVSS is high: low-privilege, network (HTTP) attacker can c...

8.5 CVSS · 7.6 AI score · 0.00981 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist · added 2021/10/20 10:50 a.m. · 17 views

CVE-2021-35562

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access vi...

8.1 CVSS · 7.8 AI score · 0.00981 EPSS
Exploits 0 · References 1

CNVD · added 2021/10/20 12:0 a.m. · 16 views

Oracle E-Business Suite Unauthorized Access Vulnerability (CNVD-2022-02349)

Oracle E-Business Suite is an extension of the original Application ERP and includes a collection of ERP (Enterprise Resource Planning Management), HR (Human Resource Management), CRM (Customer Relationship Management) and other applications that are seamlessly integrated into one management suite...

8.5 CVSS · 3.4 AI score · 0.00981 EPSS
Exploits 0 · References 1

RedHat Linux · added 2021/10/19 8:23 p.m. · 1 view

jenkins: improper permission checks allow canceling queue items and aborting builds

Incorrect Authorization vulnerability was found in Jenkins. Users with Item/Cancel permission are able to cancel queue items and abort builds of jobs even when they do not have Item/Read permission...

4.3 CVSS · 5.7 AI score · 0.01173 EPSS
Exploits 0 · References 5

CNNVD · added 2021/10/19 12:0 a.m. · 2 views

Oracle E-Business Suite and Oracle Universal Work Queue Security Vulnerability

Oracle E-Business Suite is an extension of the original Application ERP and includes a collection of ERP (Enterprise Resource Planning Management), HR (Human Resource Management), CRM (Customer Relationship Management) and other applications that are seamlessly integrated into one management suite...

8.5 CVSS · 5.7 AI score · 0.00981 EPSS
Exploits 0 · References 3