The vulnerability of the Work Provider Site Level Administration component of the application for accessing, organizing, and interacting with various types of Oracle Universal Work Queue tasks allows a malicious actor to disclose protected information or gain access to the creation, modification, or deletion of data.
The vulnerability of the Work Provider Site Level Administration component of the application for accessing, organizing, and interacting with various types of Oracle Universal Work Queue tasks is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker...
Moderate: Red Hat Security Advisory: RHV Manager security update (ovirt-engine) [ovirt-4.4.6]
Updated ovirt-engine packages that fix several bugs, security flaws and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin...
GSD-2021-1000024 dmaengine: idxd: fix wq size store permission state
dmaengine: idxd: fix wq size store permission state. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.11.16 by commit...
UVI-2021-1000024 dmaengine: idxd: fix wq size store permission state
dmaengine: idxd: fix wq size store permission state. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.11.16 by commit...
UVI-2021-1000064 sfc: adjust efx->xdp_tx_queue_count with the real number of initialized queues
sfc: adjust efx->xdp_tx_queue_count with the real number of initialized queues. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.3 by commit...
GSD-2021-1000104 sfc: farch: fix TX queue lookup in TX flush done handling
sfc: farch: fix TX queue lookup in TX flush done handling. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.11.20 by commit...
UVI-2021-1000030 dmaengine: idxd: fix wq size store permission state
dmaengine: idxd: fix wq size store permission state. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.32 by commit...
GSD-2021-1000065 sfc: farch: fix TX queue lookup in TX flush done handling
sfc: farch: fix TX queue lookup in TX flush done handling. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.3 by commit...
UVI-2021-1000139 sfc: farch: fix TX queue lookup in TX flush done handling
sfc: farch: fix TX queue lookup in TX flush done handling. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.36 by commit...
UVI-2021-1000065 sfc: farch: fix TX queue lookup in TX flush done handling
sfc: farch: fix TX queue lookup in TX flush done handling. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.3 by commit...
UBUNTU-CVE-2021-20237
An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a...
UBUNTU-CVE-2021-33574
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly...
PT-2024-11148 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A race condition in the Linux kernel's ipc/mqueue, msg, and sem components can cause a crash when a do_mq_timedreceive call returns and leaves do_mq_timedsend to rely on an invalid...
PT-2021-5558 · Gnu +7 · Glibc +7
Name of the Vulnerable Software and Affected Versions: glibc versions 2.32 and 2.33. Description: The issue is related to the mq_notify function in the GNU C Library, which has a use-after-free problem. This occurs when the function uses the notification thread attributes object, passed through it...
PT-2021-3379 · Linux +3 · Xen-Netback +3
Name of the Vulnerable Software and Affected Versions: Linux xen-netback (affected versions not specified). Description: A use-after-free issue exists in Linux xen-netback due to insufficient input validation. This can be triggered by a malicious or buggy network PV frontend sending a malformed...
UBUNTU-CVE-2019-25044
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue...
USN-4948-1: Linux kernel (OEM) vulnerabilities
Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. CVE-2021-3489...
PT-2024-11155 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.12.0-syzkaller. Description: The issue is related to the RDMA/rxe component of the Linux kernel. Specifically, the rxe_qp_do_cleanup function relies on valid pointer values in the QP (Queue Pair) for properly...
PT-2024-11091 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel version 4.18.0-304.el8.x86_64. Description: The issue arises when running some traffic and taking down the link on a peer, resulting in a retry counter exceeded error. This error leads to the nvmet_rdma_error_comp function...
DEBIAN-CVE-2020-28011
Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root...