CVE-2020-4870

IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833...

ZTE E8810/E8820/E8822 series 信息泄露漏洞

ZTE E8810 is a smart cloud router from ZTE China. The ZTE E8810 suffers from a hard-coded MQTT service vulnerability that can be exploited by remote attackers to submit a special request for unauthorized access to the MQTT server and obtain sensitive information...

IBM MQ 安全漏洞

IBM MQ formerly IBM WebSphere MQ is a powerful, secure and reliable messaging middleware. A security vulnerability exists in IBM MQ, which can be exploited by an attacker to trigger a denial of service via a fatal error that can be triggered by application processing connected to IBM MQ...

ALPINE-CVE-2020-29568

An issue was discovered in Xen through 4.14.x. Some OSes such as Linux, FreeBSD, and NetBSD are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OO...

DEBIAN-CVE-2020-29568

An issue was discovered in Xen through 4.14.x. Some OSes such as Linux, FreeBSD, and NetBSD are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OO...

CVE-2020-29568

An issue was discovered in Xen through 4.14.x. Some OSes such as Linux, FreeBSD, and NetBSD are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OO...

UBUNTU-CVE-2020-29568

An issue was discovered in Xen through 4.14.x. Some OSes such as Linux, FreeBSD, and NetBSD are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OO...

CVE-2020-29568

An issue was discovered in Xen through 4.14.x. Some OSes such as Linux, FreeBSD, and NetBSD are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OO...

CVE-2020-8937

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to encuntrustedcreatewaitqueue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. This allows an attacker to write...

Frontends can trigger OOM in Backends by update a watched path

ISSUE DESCRIPTION Some OSes such as Linux, FreeBSD, NetBSD are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbound, a guest may be able to trigger a OOM in the backend. IMPACT A malicious...

Xen Buffer Error Vulnerability

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen versi...

Google Asylo Buffer Error Vulnerability

Google Asylo is a framework for developing trusted applications from Google Inc. in the United States. The software supports the creation of a trusted execution environment, including software isolation and hardware isolation. A security vulnerability exists in Google Asylo version 0.6.0 and...

Unauthorized Access Vulnerability in Alcatel OAW Series Smart Wireless AP Devices

Alcatel-Lucent, a multinational company providing telecommunications hardware and software equipment and services, is headquartered in Paris, France. An unauthorized access vulnerability exists in the Alcatel OAW series of Smart Wireless AP devices, which can be exploited by an attacker to...

Injection Vulnerabilities

Jenkins is vulnerable to injection vulnerabilities. An attacker is able to exploit a stored XSS vulnerability and control part of the reason a queue item is blocked, such as label expressions not matching any idle executors...

IBM MQ Denial of Service Vulnerability (CNVD-2020-65161)

IBM MQ IBM WebSphere MQ is a messaging middleware product from IBM. The product is mainly for the service-oriented architecture SOA to provide a reliable and proven messaging backbone. A denial of service vulnerability exists in IBM MQ, which can be exploited by an attacker to trigger a denial of...

IBM MQ Appliance 安全漏洞

IBM MQ IBM WebSphere MQ is a messaging middleware product from IBM. The product is mainly for the service-oriented architecture SOA to provide a reliable and proven messaging backbone. A denial of service vulnerability exists in IBM MQ, which can be exploited by an attacker to trigger a denial of...

RUSTSEC-2020-0133 Queue<T> should have a Send bound on its Send/Sync traits

Affected versions of this crate unconditionally implements Send/Sync for Queue. This allows 1 creating data races to a T: !Sync and 2 sending T: !Send to other threads, resulting in memory corruption or other undefined behavior...

Queue<T> should have a Send bound on its Send/Sync traits

Affected versions of this crate unconditionally implements Send/Sync for Queue. This allows 1 creating data races to a T: !Sync and 2 sending T: !Send to other threads, resulting in memory corruption or other undefined behavior...

Unbreakable Enterprise kernel-container security update

4.14.35-2025.402.2.1.el7 - powercap: restrict energy meter to root access Kanth Ghatraju Orabug: 32040805 CVE-2020-8694 CVE-2020-8695 4.14.35-2025.402.2.el7 - ocfs2: fix remounting needed after setfacl command Gang He - Fix multiple variable definition with syzkaller Hans Westgaard Ry Orabug:...

Oracle Linux 8 : qt5-qtbase / and / qt5-qtwebsockets (ELSA-2020-4690)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4690 advisory. qt5-qtbase 5.12.5-6 - OpenSSL: handle SSLshutdowns errors properly Resolves: bz1851538 5.12.5-5 - Fix: Files placed by attacker can influence the worki...