7294 matches found
kernel: net-sysfs: *_queue_add_kobject refcount issue
A flaw was found in the way the rxqueueaddkobject and netdevqueueaddkobject functions in the Linux kernel handled refcounting of certain objects. This flaw allows a local user who can trigger the error code path to use this vulnerability to disturb the integrity of the system...
kernel: net-sysfs: *_queue_add_kobject refcount issue
A flaw was found in the way the rxqueueaddkobject and netdevqueueaddkobject functions in the Linux kernel handled refcounting of certain objects. This flaw allows a local user who can trigger the error code path to use this vulnerability to disturb the integrity of the system...
may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.
Affected versions of mayqueue implements Send/Sync for its Queue type without restricting it to Sendable types and Syncable types. This allows non-Sync types such as Cell to be shared across threads leading to undefined behavior and memory corruption in concurrent programs...
RUSTSEC-2020-0111 may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.
Affected versions of mayqueue implements Send/Sync for its Queue type without restricting it to Sendable types and Syncable types. This allows non-Sync types such as Cell to be shared across threads leading to undefined behavior and memory corruption in concurrent programs...
PT-2020-4778 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insufficient access restrictions in the Windows print queue manager service. It allows an attacker to elevate their privileges. Recommendations: At the moment, there...
dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index a UInt is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...
qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails...
new module: perl:5.30
An update is available for perl-Pod-Perldoc, perl-DBI, perl-Pod-Escapes, perl-Devel-PPPort, perl-Pod-Usage, perl-Sub-Exporter, perl-perlfaq, perl-Object-HashBase, perl-CPAN-Meta-YAML, perl-Digest, perl-podlators, perl-bignum, perl-Text-ParseWords, perl-Text-Template, perl-DBD-MySQL, perl-Text-Glo...
Oracle Oracle E-Business Suite (Oct 2020 CPU)
The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2020 CPU advisory, including the following: - Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider...
Oracle Universal Work Queue Code Execution Vulnerability
Oracle Universal Work Queue is a flexible work presentation and access tool from Oracle USA. The software provides a centralized view of work, access requests, and organizes work to improve efficiency and productivity. A code execution vulnerability exists in Oracle Universal Work Queue version...
CVE-2020-14862
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3 - 12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Universal...
CVE-2020-14862
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3 - 12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Universal...
CVE-2020-14855
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Administration. The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Univers...
CVE-2020-14855
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Administration. The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Univers...
Buffer overflow
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3 - 12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Universal...
Buffer overflow
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Administration. The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Univers...
CVE-2020-14862
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3 - 12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Universal...
CVE-2020-14862
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3 - 12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Universal...
CVE-2020-14862
CVE-2020-14862 affects Oracle E‑Business Suite Universal Work Queue (Internal Operations) with affected versions 12.2.3–12.2.9. The vulnerability allows a low-privileged attacker with network access via HTTP to compromise the Oracle Universal Work Queue and can lead to takeover of the component, ...
CVE-2020-14855
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Administration. The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Univers...