PT-2024-11067 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the TX queue lookup in TX flush done handling in the Linux kernel. Specifically, the problem arises because the code starts from a TXQ instance number 'qid', no...
PT-2024-11066 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the sfc driver in the Linux kernel, specifically with the farch module. The problem arises from using a TXQ label instead of a TXQ type, making the efx channel...
PT-2021-8268 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to a memory leak in the Linux kernel when closing a socket. Specifically, the vsock/virtio component fails to free queued packets, leading to a memory leak. This w...
SUSE: Security Advisory (SUSE-SU-2019:1243-1)
The remote host is missing an update for the ...
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4907-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4907-1 advisory. Wen Xu discovered that the xfs file system implementation in the Linux kernel did not properly validate the number of extents in an inode. An...
Denial Of Service (DoS)
qemu is vulnerable to denial of service. A use-after-free flaw in the MegaRAID emulator allows an attacker to crash the QEMU process due to an error while processing SCSI I/O requests in the case of an error `mptsas_free_request` that does not dequeue the request object `req` from a pending requests...
Cross-site-scripting (XSS)
sidekiq is vulnerable to cross-site-scripting. An attacker is able to inject and execute malicious code via the queue name of the live-poll feature when Internet Explorer is used...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the queue name of the live-poll feature when Internet Explorer is used. Details: Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise...
Mike Perham sidekiq cross-site scripting vulnerability
Mike Perham sidekiq is an open source application by Mike Perham that uses threads to process many jobs simultaneously in the same process. A cross-site scripting vulnerability exists in Mike Perham Sidekiq version 5.1.3 and earlier and 6.x series version 6.2.0 and earlier, which can be exploited by an...
PT-2021-18635
Name of the Vulnerable Software and Affected Versions: Sidekiq versions 5.1.3 and earlier; Sidekiq versions 6.x through 6.2.0. Description: The issue allows for XSS via the queue name of the live-poll feature, specifically when Internet Explorer is used. Recommendations: For Sidekiq versions 5.1.3 and...
An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled aka CID-d8861bab48b6.
DEBIAN-CVE-2021-29264
An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are...
UBUNTU-CVE-2021-29264
An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are...
CVE-2021-29264
An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are...
dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...
The vulnerability of Google Chrome’s WebAudio component allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the WebAudio component in the Google Chrome browser is related to buffer overflows in the queue. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the Samba AD DC LDAP server, related to errors in processing the “Paged Results” and “ASQ” control elements, allows an attacker to cause a service failure.
The vulnerability of the Samba AD DC LDAP server is related to errors in processing the “Paged Results” and “ASQ” control elements. Exploiting this vulnerability can allow an attacker to cause service failures...
PT-2024-11078 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the mhi queue function in the Linux kernel, which returns an error when the doorbell is not accessible in the current state. This can occur when the device is i...
redhat AMQ log information disclosure vulnerability
AMQ is a messaging middleware from Redhat that enables high-performance, secure, and reliable transfer of information between different services. A security vulnerability exists in redhat AMQ that arises from the disclosure of JDBC usernames and passwords in application logs...
Security Bulletin: IBM Security Verify Information Queue uses a Node.js proxy library that has a known vulnerability (183561)
Summary: The web server in IBM Security Verify Information Queue (ISIQ) uses an older version of the http-proxy package that has a known vulnerability to a denial of service. As of v10.0.0, ISIQ has upgraded to a newer, secure version of http-proxy. Vulnerability Details: Third Party Entry: 183561...