1911 matches found
Wordpress BookingPress bookingpress_front_get_category_services SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress BookingPress bookingpress_front_get_category_services SQLi', 'Description' = %q The BookingPress WordPress plugin before 1.0.11 fails to...
OESA-2024-2027 qemu security update
QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service DoS attack via improper synchronization during socket closure when a client keeps a socket open as t...
OESA-2024-1989 qemu security update
QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service DoS attack via improper synchronization during socket closure when a client keeps a socket open as t...
OESA-2024-1990 qemu security update
QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service DoS attack via improper synchronization during socket closure when a client keeps a socket open as t...
Microsoft Windows App Installer Security Vulnerability
Microsoft Windows App Installer is a tool from Microsoft Corporation USA that ships with the Windows 10 and Windows 11 operating systems and allows users to easily install applications by double-clicking on a .msix or .msixbundle file. The tool supports centralized installation of applications fr...
OESA-2024-1962 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: s390/qeth: fix deadlock during failing recovery Commit 0b9902c1fcc5 "s390/qeth: fix deadlock during recovery" removed taking discipline_mutex inside qeth_do_reset,...
kernel: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
In the Linux kernel, the following vulnerability has been resolved: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline The absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of interrupt affinity reconfiguration via procfs. Instead, the change is deferred until the next...
CVE-2024-42350
The CVE describes a public-key confusion in Biscuit’s third-party blocks: a forged ThirdPartyBlock request can cause a third-party authority to generate datalog trusting the wrong keypair, enabling an attacker to embed a trusted annotation in tokens. The issue arises from how the block request co...
CVE-2024-42350 Public key confusion in third party block in Biscuit
Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be...
AZL-60094 CVE-2024-7409 affecting package qemu for versions less than 6.2.0-26
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service DoS attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline...
UBUNTU-CVE-2024-7409
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service DoS attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline...
CVE-2024-7409
CVE-2024-7409 affects QEMU’s NBD server. The flaw is caused by improper synchronization during socket closure when a client keeps a socket open as the server goes offline, enabling potential DoS. Connected advisories/feeds indicate multiple vendors have released security updates (e.g., Debian, SU...
QEMU NBD Server Security Vulnerability
QEMU NBD Server is a QEMU disk network block device server that is open source from QEMU. A security vulnerability exists in QEMU NBD Server that originates from a client keeping a socket open when the server is offline, which can be used to launch a denial-of-service attack via incorrect...
DEBIAN-CVE-2021-47624
In the Linux kernel, the following vulnerability has been resolved: net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change The refcount leak issues take place in an error handling path. When the 3rd argument buf doesn't match with "offline", "online" or "remove", the function simply...
When Failing Over to a SQL Mirrored Database, the Provisioning Server Shows as Offline and is Unable to Connect
When failing over to a SQL Mirrored Database, the Provisioning Server shows offline and is unable to connect...
Vdisk shows “No Server” for size in the PVS Console
When viewing a vdisk in the PVS Console the size will show as "No Server". The following error also appears when using XenDesktop Setup Wizard: A required PVS server in the selected site is offline or there is no server assigned to a required store...
Important: ipa
Issue Overview: A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client's session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key...
CVE-2024-27090 Decidim vulnerable to data disclosure through the embed feature
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embedded such as a...
git security update
An update is available for git. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git is a distributed revision control system with a decentralized architecture. A...
CVE-2024-38271
There exists a vulnerability in Quick Share/Nearby, where an attacker can force a victim to stay connected to a temporary hotspot created for the sharing. As part of the sequence of packets in a Quick Share connection over Bluetooth, the attacker forces the victim to connect to the attacker’s WiF...