Lucene search
K

264 matches found

OSV
OSV
added 2025/03/25 11:15 p.m.14 views

AZL-59276 CVE-2025-30219 affecting package rabbitmq-server for versions less than 3.11.24-3

RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable with other on disk file modifications can lead to arbitrary JavaScript code execution in the browsers of...

6.1CVSS6.3AI score0.00203EPSS
Exploits0References1
OSV
OSV
added 2025/03/25 11:15 p.m.2 views

UBUNTU-CVE-2025-30219

RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable with other on disk file modifications can lead to arbitrary JavaScript code execution in the browsers of...

6.1CVSS6.3AI score0.00203EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/25 10:55 p.m.21 views

CVE-2025-30219 RabbitMQ has XSS Vulnerability in an Error Message in Management UI

RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable with other on disk file modifications can lead to arbitrary JavaScript code execution in the browsers of...

6.1CVSS0.00203EPSS
Exploits0References1
CVE
CVE
added 2025/03/25 10:55 p.m.185 views

CVE-2025-30219

CVE-2025-30219 describes an XSS in RabbitMQ management UI where an unescaped virtual host name in an error message could allow script execution. Public advisories show patches for Open Source RabbitMQ 4.0.3 and Tanzu RabbitMQ 4.0.3, and 3.13.8. OpenSUSE/SUSE advisories (SUSE-SU-2025:01466-1; SUSE...

6.1CVSS6.7AI score0.00203EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/03/25 10:55 p.m.6 views

CVE-2025-30219

RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable with other on disk file modifications can lead to arbitrary JavaScript code execution in the browsers of...

6.1CVSS6.7AI score0.00203EPSS
Exploits0
CNNVD
CNNVD
added 2025/03/25 12:0 a.m.3 views

RabbitMQ 跨站脚本漏洞

RabbitMQ is a feature-rich multi-protocol messaging and streaming agent from the RabbitMQ open source. A cross-site scripting vulnerability exists in RabbitMQ versions prior to 4.0.3, which stems from an unescaped virtual host name that could lead to the execution of arbitrary JavaScript code in ...

6.1CVSS6AI score0.00203EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/03/21 12:0 a.m.8 views

The vulnerability of the __vhost_worker_flush() function in the drivers/vhost/vhost.c module of the Linux kernel allows a hacker to cause a service failure.

The vulnerability of the vhostworkerflush function in the drivers/vhost/vhost.c module of the Linux kernel is related to the occurrence of mutual locking. Exploiting this vulnerability could allow an attacker to cause a service failure...

7.5CVSS6.1AI score0.00227EPSS
Exploits0References9Affected Software3
Fedora
Fedora
added 2025/02/15 2:23 a.m.12 views

[SECURITY] Fedora 40 Update: nginx-mod-vts-0.2.3-3.fc40

Nginx virtual host traffic status module...

5.3CVSS4.6AI score0.02646EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2025/01/09 3:33 p.m.3 views

dpdk: Denial Of Service from malicious guest on hypervisors using DPDK Vhost library

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using...

7.4CVSS5.8AI score0.00551EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/01/09 3:21 p.m.8 views

dpdk: Denial Of Service from malicious guest on hypervisors using DPDK Vhost library

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using...

7.4CVSS5.8AI score0.00551EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2024/12/24 8:0 a.m.6 views

Dpdk: denial of service from malicious guest on hypervisors using dpdk vhost library

...

7.4CVSS7.1AI score0.00551EPSS
Exploits0
OSV
OSV
added 2024/12/18 9:15 a.m.5 views

AZL-54455 CVE-2024-11614 affecting package dpdk for versions less than 23.11.3-1

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using...

7.4CVSS7.1AI score0.00551EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/02 12:0 a.m.5 views

PT-2024-40073 · Apache +1 · Apache +1

Name of the Vulnerable Software and Affected Versions: ibexa post-install versions prior to the patched versions Description: The issue is related to the BREACH vulnerability, which affects HTTP compression and can allow secrets to be extracted through carefully crafted requests. This is due to...

7.1AI score
Exploits0References10
BDU FSTEC
BDU FSTEC
added 2024/11/25 12:0 a.m.6 views

The vulnerability of the vhost_vdpa_probe() function in the vhost-vdpa component of Linux kernel allows a attacker to cause a service failure.

The vulnerability of the vhostvdpaprobe function in the vhost-vdpa component of Linux kernel modules is related to double memory deallocation errors. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5CVSS6.2AI score0.00241EPSS
Exploits0References14Affected Software4
RedHat Linux
RedHat Linux
added 2024/11/12 9:11 a.m.6 views

kernel: Information disclosure in vhost/vhost.c:vhost_new_msg()

A vulnerability was found in vhostnewmsg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This issue can allow local privileged users to read...

5.5CVSS6.6AI score0.00236EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/11/07 12:0 a.m.6 views

The vulnerability of the implementation of the virtual host shell LSI53C895A SCSI emulator for hardware emulation software QEMU allows a perpetrator to escalate their privileges and execute arbitrary code.

The vulnerability of the implementation of the virtual host shell LSI53C895A SCSI emulation software for hardware support by QEMU is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code...

8.2CVSS7.8AI score0.0025EPSS
Exploits0References9Affected Software7
OSV
OSV
added 2024/10/21 6:15 p.m.2 views

UBUNTU-CVE-2024-49863

In the Linux kernel, the following vulnerability has been resolved: vhost/scsi: null-ptr-dereference in vhostscsigetreq Since commit 3f8ca2e115e5 "vhost/scsi: Extract common handling code from control queue handler" a null pointer dereference bug can be triggered when guest sends an SCSI AN...

5.5CVSS6.2AI score0.00286EPSS
Exploits0References32
SUSE CVE
SUSE CVE
added 2024/10/21 3:46 p.m.8 views

SUSE CVE-2024-47748

In the Linux kernel, the following vulnerability has been resolved: vhostvdpa: assign irq bypass producer token correctly We used to call irqbypassunregisterproducer in vhostvdpasetupvqirq which is problematic as we don't know if the token pointer is still valid or not. Actually, we use the...

7.8CVSS6.3AI score0.00213EPSS
Exploits0References22
Microsoft CVE
Microsoft CVE
added 2024/10/12 7:0 a.m.2 views

vhost/vsock: always initialize seqpacket_allow

...

7.8CVSS6.7AI score0.00216EPSS
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.245 views

HTTP Virtual Host Brute Force Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework May I reuse some methods? require 'cgi' class MetasploitModule 'HTTP Virtual Host Brute Force Scanner', 'Description' = %q This module tries to identify unique virtual...

7.4AI score
Exploits0
Rows per page
Query Builder