CVE-2020-3566

A vulnerability in the Distance Vector Multicast Routing Protocol DVMRP feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protoco...

CVE-2012-2201

IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a SVRCONN channel and flood the queue manager...

PT-2020-7199 · Ibm · Ibm Websphere Mq

Name of the Vulnerable Software and Affected Versions: IBM WebSphere MQ version 7.1 Description: The issue is related to a denial of service caused by an error when handling user ids. A remote attacker could exploit this to bypass the security configuration setup on a SVRCONN channel and flood th...

In QEMU 5.0.0 and earlier megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.

...

EZSA-2020-005 Editor XSS and trashed drafts in review queue

More info at https://ezplatform.com/security-advisories/ezsa-2020-005-editor-xss-and-trashed-drafts-in-review-queue...

EZSA-2020-005 Editor XSS and trashed drafts in review queue

More info at https://ezplatform.com/security-advisories/ezsa-2020-005-editor-xss-and-trashed-drafts-in-review-queue...

Security Bulletin: IBM MQ could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. (CVE-2020-4375)

Summary An error was found within the Dynamic queue logic that could cause a memory leak and be exploited by an attacker to cause a denial of service attack. Vulnerability Details CVEID: CVE-2020-4375 DESCRIPTION: IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could all...

IBM MQ Denial of Service Vulnerability (CNVD-2020-44895)

IBM MQ IBM WebSphere MQ is a messaging middleware product from IBM. The product is mainly for the service-oriented architecture SOA to provide a reliable and proven messaging backbone. A denial of service vulnerability exists in the queue processing feature in IBM MQ for HPE NonStop Server versio...

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

CVE-2020-4375

IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. IBM X-Force ID: 179080...

CVE-2020-4375

IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. IBM X-Force ID: 179080...

CVE-2020-4465

IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code. A remote attacker could overflow the buffer using an older client and cause a denial of service. IBM X-Force ID: 18156...

IBM MQ Appliance Information Disclosure Vulnerability (CNVD-2020-44874)

The IBM MQ Appliance is an all-in-one appliance for rapid deployment of enterprise-class messaging middleware from IBM USA. An information disclosure vulnerability exists in IBM MQ Appliance version 8.0, 9.1 LTS version and 9.1 CD version, which originates from errors such as configuration during...

IBM MQ Appliance Buffer Overflow Vulnerability

The IBM MQ Appliance is an all-in-one appliance for rapid deployment of enterprise-class messaging middleware from IBM USA. A buffer overflow vulnerability exists in IBM MQ Appliance version 8.0, 9.1 LTS version and 9.1 CD version, which can be exploited by remote attackers to cause a denial of...

Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service vulnerability (CVE-2020-4375)

Summary IBM MQ Appliance has resolved a denial of service vulnerability. Vulnerability Details CVEID: CVE-2020-4375 DESCRIPTION: IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue...

openSUSE Security Update : ldb / samba (openSUSE-2020-1023)

"This update for ldb, samba fixes the following issues : Changes in samba : - Update to samba 4.11.11 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; bso14364 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

CVE-2020-13932

In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and th...

CVE-2020-13932

In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and th...

Cross site scripting

In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and th...

CVE-2020-4466

IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker could cause a denial of service due to an error within the Queue processing function. IBM X-Force ID: 181563...