Cisco IOS XE Software Interface Queue Wedge DoS (cisco-sa-quewedge-69BsHUBW)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability in the layer 2 punt code that allows an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resulting in a denial of service (DoS) condition. Thi...
OTRS Authorization Issue Vulnerability
OTRS is a service management application from the German company OTRS. An authorization issue vulnerability exists in OTRS. It arises because the product allows resources to be locked without Owner rights and moved to a queue with rw rights for full control. The following...
OESA-2021-1379 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. CVE-2021-3669 CVE-2021-3764 CVE-2021-3744...
CVE-2021-41801
The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time due to the job queue backlog...
Jenkins Enterprise and Operations Center < 2.249.31.0.6 / 2.277.40.0.1 / 2.289.2.2 Multiple Vulnerabilities (CloudBees Security Advisory 2021-06-30)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.x prior to 2.289.2.2, 2.249.x prior to 2.249.31.0.6, or 2.277.x prior to 2.277.40.0.1. It is, therefore, affected by multiple vulnerabilities: - Vulnerable versions of Jenkins allow users to cance...
QEMU: usbredir: free() call on invalid pointer in bufp_alloc()
A flaw was found in the USB redirector device emulation of QEMU. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free with faked heap chunk metadata, resulting in a crash ...
7: Incorrect privilege in Management Console
A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not allow access to the management console. The main impact is to confidentiality as this flaw means...
The vulnerability of the real-time operating system FreeRTOS’s kernel allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the function in the queue.c file of the real-time operating system FreeRTOS is caused by a numerical overflow. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
DEBIAN-CVE-2021-22945
When sending data to an MQTT server, libcurl = 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again...
Race condition
A vulnerability in the Layer 2 punt code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of certa...
CVE-2021-1621 Cisco IOS XE Software Interface Queue Wedge Denial of Service Vulnerability
A vulnerability in the Layer 2 punt code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of certa...
Cisco IOS XE Software Interface Queue Wedge Denial of Service Vulnerability
A vulnerability in the Layer 2 punt code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of certa...
PT-2021-4321 · Cisco · Cisco Ios Xe
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified). Description: A vulnerability in the Layer 2 punt code could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames,...
Cisco IOS XE Software Resource Management Error Vulnerability
Cisco IOS XE Software is an operating system from the U.S. company Cisco. A single operating system for enterprise wired and wireless access, aggregation, core and WAN, Cisco IOS XE reduces business and network complexity. Cisco IOS XE Software suffers from a denial-of-service vulnerability...
Exposure of Sensitive Information in keycloak
A flaw was found in keycloak before version 9.0.1. When configuring a Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle these events...
jenkins: improper permission checks allow canceling queue items and aborting builds
An Incorrect Authorization vulnerability was found in Jenkins. Users with Item/Cancel permission are able to cancel queue items and abort builds of jobs even when they do not have Item/Read permission...