264 matches found
AZL-59276 CVE-2025-30219 affecting package rabbitmq-server for versions less than 3.11.24-3
RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable with other on disk file modifications can lead to arbitrary JavaScript code execution in the browsers of...
UBUNTU-CVE-2025-30219
RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable with other on disk file modifications can lead to arbitrary JavaScript code execution in the browsers of...
CVE-2025-30219 RabbitMQ has XSS Vulnerability in an Error Message in Management UI
RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable with other on disk file modifications can lead to arbitrary JavaScript code execution in the browsers of...
CVE-2025-30219
CVE-2025-30219 describes an XSS in RabbitMQ management UI where an unescaped virtual host name in an error message could allow script execution. Public advisories show patches for Open Source RabbitMQ 4.0.3 and Tanzu RabbitMQ 4.0.3, and 3.13.8. OpenSUSE/SUSE advisories (SUSE-SU-2025:01466-1; SUSE...
CVE-2025-30219
RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable with other on disk file modifications can lead to arbitrary JavaScript code execution in the browsers of...
RabbitMQ 跨站脚本漏洞
RabbitMQ is a feature-rich multi-protocol messaging and streaming agent from the RabbitMQ open source. A cross-site scripting vulnerability exists in RabbitMQ versions prior to 4.0.3, which stems from an unescaped virtual host name that could lead to the execution of arbitrary JavaScript code in ...
The vulnerability of the __vhost_worker_flush() function in the drivers/vhost/vhost.c module of the Linux kernel allows a hacker to cause a service failure.
The vulnerability of the vhostworkerflush function in the drivers/vhost/vhost.c module of the Linux kernel is related to the occurrence of mutual locking. Exploiting this vulnerability could allow an attacker to cause a service failure...
[SECURITY] Fedora 40 Update: nginx-mod-vts-0.2.3-3.fc40
Nginx virtual host traffic status module...
dpdk: Denial Of Service from malicious guest on hypervisors using DPDK Vhost library
An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using...
dpdk: Denial Of Service from malicious guest on hypervisors using DPDK Vhost library
An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using...
Dpdk: denial of service from malicious guest on hypervisors using dpdk vhost library
...
AZL-54455 CVE-2024-11614 affecting package dpdk for versions less than 23.11.3-1
An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using...
PT-2024-40073 · Apache +1 · Apache +1
Name of the Vulnerable Software and Affected Versions: ibexa post-install versions prior to the patched versions Description: The issue is related to the BREACH vulnerability, which affects HTTP compression and can allow secrets to be extracted through carefully crafted requests. This is due to...
The vulnerability of the vhost_vdpa_probe() function in the vhost-vdpa component of Linux kernel allows a attacker to cause a service failure.
The vulnerability of the vhostvdpaprobe function in the vhost-vdpa component of Linux kernel modules is related to double memory deallocation errors. Exploiting this vulnerability could allow an attacker to cause a service failure...
kernel: Information disclosure in vhost/vhost.c:vhost_new_msg()
A vulnerability was found in vhostnewmsg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This issue can allow local privileged users to read...
The vulnerability of the implementation of the virtual host shell LSI53C895A SCSI emulator for hardware emulation software QEMU allows a perpetrator to escalate their privileges and execute arbitrary code.
The vulnerability of the implementation of the virtual host shell LSI53C895A SCSI emulation software for hardware support by QEMU is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code...
UBUNTU-CVE-2024-49863
In the Linux kernel, the following vulnerability has been resolved: vhost/scsi: null-ptr-dereference in vhostscsigetreq Since commit 3f8ca2e115e5 "vhost/scsi: Extract common handling code from control queue handler" a null pointer dereference bug can be triggered when guest sends an SCSI AN...
SUSE CVE-2024-47748
In the Linux kernel, the following vulnerability has been resolved: vhostvdpa: assign irq bypass producer token correctly We used to call irqbypassunregisterproducer in vhostvdpasetupvqirq which is problematic as we don't know if the token pointer is still valid or not. Actually, we use the...
vhost/vsock: always initialize seqpacket_allow
...
HTTP Virtual Host Brute Force Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework May I reuse some methods? require 'cgi' class MetasploitModule 'HTTP Virtual Host Brute Force Scanner', 'Description' = %q This module tries to identify unique virtual...