
7294 matches found

RedHat Linux
added 2019/11/05 8:56 p.m. | Views: 1

kernel: net-sysfs: *_queue_add_kobject refcount issue

A flaw was found in the way the rx_queue_add_kobject and netdev_queue_add_kobject functions in the Linux kernel handled refcounting of certain objects. This flaw allows a local user who can trigger the error code path to use this vulnerability to disturb the integrity of the system...

CVSS 5.5 | AI score 7.2 | EPSS 0.0003
Exploits: 0 | References: 5
RedHat Linux
added 2019/10/29 12:59 p.m. | Views: 2

kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c

A flaw was found in the __blk_drain_queue() function of the Linux kernel’s block driver implementation, where a use-after-free condition could be triggered while draining the outstanding command queue in the system’s block device subsystem. An attacker could use this flaw to crash the system or corrupt local...

CVSS 7.8 | AI score 7 | EPSS 0.00093
Exploits: 0 | References: 4
Prion
added 2019/10/21 7:15 p.m. | Views: 14

Command injection

app/callcenters/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers with at least the permission callcenterqueueadd or callcenterqueueedit to execute any commands on...

CVSS 9 | AI score 8.9 | EPSS 0.03447
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2019/10/21 6:15 p.m. | Views: 10

CVE-2019-16964

app/callcenters/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers with at least the permission callcenterqueueadd or callcenterqueueedit to execute any commands on...

AI score 8.9 | EPSS 0.03447
Exploits: 0 | References: 2
RedHat Linux
added 2019/10/18 2:02 a.m. | Views: 2

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

CVSS 7.8 | AI score 7.1 | EPSS 0.09322
Exploits: 0 | References: 9
RedHat Linux
added 2019/10/16 7:58 a.m. | Views: 2

kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c

A flaw was found in the __blk_drain_queue() function of the Linux kernel’s block driver implementation, where a use-after-free condition could be triggered while draining the outstanding command queue in the system’s block device subsystem. An attacker could use this flaw to crash the system or corrupt local...

CVSS 7.8 | AI score 7 | EPSS 0.00093
Exploits: 0 | References: 4
RedHat Linux
added 2019/10/16 7:13 a.m. | Views: 3

kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c

A flaw was found in the __blk_drain_queue() function of the Linux kernel’s block driver implementation, where a use-after-free condition could be triggered while draining the outstanding command queue in the system’s block device subsystem. An attacker could use this flaw to crash the system or corrupt local...

CVSS 7.8 | AI score 7 | EPSS 0.00093
Exploits: 0 | References: 4
RedHat Linux
added 2019/10/16 6:44 a.m. | Views: 2

kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c

A flaw was found in the __blk_drain_queue() function of the Linux kernel’s block driver implementation, where a use-after-free condition could be triggered while draining the outstanding command queue in the system’s block device subsystem. An attacker could use this flaw to crash the system or corrupt local...

CVSS 7.8 | AI score 7 | EPSS 0.00093
Exploits: 0 | References: 4
Oracle linux
added 2019/10/11 12:00 a.m. | Views: 139

Unbreakable Enterprise kernel security update

4.14.35-1902.6.6 - RDMA/restrack: Protect from reentry to resource return path Leon Romanovsky Orabug: 30388717 4.14.35-1902.6.5 - hvnetvsc: fix vf serial matching with pci slot info Haiyang Zhang Orabug: 30373111 - rds: Use correct conn when dropping connections due to cancel Hakon Bugge Orabug:...

CVSS 8.8 | AI score 7.6 | EPSS 0.04575
Exploits: 3
CNVD
added 2019/10/08 12:00 a.m. | Views: 1

SQL Injection Vulnerability in Frontend of Queue Evaluation Integrated Management System V5.3

Queuing evaluation integrated management system V5.3, make full use of the queuing time for self-service filling operations, fill out a single queue but not the number, lifting the customer to fill out a single worry. SQL injection vulnerability exists in the frontend of Queue Evaluation Integrat...

AI score 7.7
Exploits: 0
CNVD
added 2019/10/08 12:00 a.m. | Views: 1

File upload vulnerability in the frontend of Queue Evaluation Integrated Management System V5.3 (CNVD-2019-41009)

Queuing evaluation integrated management system V5.3, make full use of the queuing time for self-service filling operations, fill out a single queue but not the number, lifting the customer to fill out a single worry. Queue Evaluation Integrated Management System V5.3, there is a file upload...

AI score 7
Exploits: 0
CNVD
added 2019/10/08 12:00 a.m. | Views: 1

SQL injection vulnerability in the frontend of Queue Evaluation Integrated Management System V5.3 (CNVD-2019-41011)

Queuing evaluation integrated management system V5.3, make full use of the queuing time for self-service filling operations, fill out a single queue but not the number, lifting the customer to fill out a single worry. SQL injection vulnerability exists in the frontend of Queue Evaluation Integrat...

AI score 7.7
Exploits: 0
Tenable Nessus
added 2019/10/04 12:00 a.m. | Views: 63

Amazon Linux AMI : nghttp2 (ALAS-2019-1298) (Data Dribble) (Resource Loop)

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority ...

CVSS 7.8 | AI score 7.8 | EPSS 0.13725
Exploits: 0 | References: 3
RedHat Linux
added 2019/10/01 4:14 p.m. | Views: 0

HTTP/2: large amount of data requests leads to denial of service

A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...

CVSS 7.8 | AI score 7.2 | EPSS 0.13725
Exploits: 0 | References: 8
OSV
added 2019/09/26 3:15 p.m. | Views: 1

CVE-2019-4378

IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. IBM X-Force ID: 162084...

CVSS 6.5 | AI score 6.5 | EPSS 0.00103
Exploits: 0 | References: 2
CVE
added 2019/09/26 3:33 a.m. | Views: 153

CVE-2015-9448

The CVE-2015-9448 issue affects the WordPress SendPress plugin (versions prior to 1.2). The vulnerability is an SQL Injection in the wp-admin/admin.php?page=sp-queue listid parameter. Impact per sources includes manipulation/exfiltration of data via the web interface, with CVSS scores indicating ...

CVSS 8.8 | AI score 9.2 | EPSS 0.0066
Exploits: 1 | References: 3 | Affected Software: 1
Tenable Nessus
added 2019/09/26 12:00 a.m. | Views: 37

FreeBSD : jenkins -- multiple vulnerabilities (9720bb39-f82a-402f-9fe4-e2c875bdda83)

Jenkins Security Advisory. Description: Medium SECURITY-1498 / CVE-2019-10401 Stored XSS vulnerability in expandable textbox form control; Medium SECURITY-1525 / CVE-2019-10402 XSS vulnerability in combobox form control; Medium SECURITY-1537 1 / CVE-2019-10403 Stored XSS vulnerability in SCM tag...

CVSS 5.4 | AI score 5.2 | EPSS 0.82266
Exploits: 0 | References: 8
OSV
added 2019/09/25 4:15 p.m. | Views: 16

CVE-2019-10404

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue item is blocked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executor...

CVSS 5.4 | AI score 5.6
Exploits: 0 | References: 2
Prion
added 2019/09/25 4:15 p.m. | Views: 19

Cross site scripting

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue item is blocked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executor...

CVSS 3.5 | AI score 5.1 | EPSS 0.00273
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2019/09/25 3:05 p.m. | Views: 126

CVE-2019-10404

CVE-2019-10404 affects Jenkins core prior to 2.196 (and LTS prior to 2.176.3) where the reason text shown in queue item tooltips isn’t escaped, leading to stored XSS when an actor can influence parts of the blocked-queue reason (e.g., label expressions). Affected versions: Jenkins 2.196 and earli...

CVSS 5.4 | AI score 5 | EPSS 0.00273
Exploits: 0 | References: 2 | Affected Software: 1