Lucene search
K

113 matches found

Vulnrichment
Vulnrichment
added 2024/11/26 3:21 p.m.18 views

CVE-2024-52337 Tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...

5.5CVSS6.6AI score0.00298EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2024/11/26 3:21 p.m.36 views

CVE-2024-52337

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...

5.5CVSS5.2AI score0.00298EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/05/08 1:53 a.m.14 views

CVE-2024-1929 Local Root Exploit via Configuration Dictionary

Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary. There are issues with the D-Bus interface long before Polkit is invoked. The org.rpm.dnf.v0.SessionManager.opensession...

7.5CVSS7.3AI score0.00289EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/05/08 1:53 a.m.27 views

CVE-2024-1929 Local Root Exploit via Configuration Dictionary

Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary. There are issues with the D-Bus interface long before Polkit is invoked. The org.rpm.dnf.v0.SessionManager.opensession...

7.5CVSS8.2AI score0.00289EPSS
Exploits1References1
CVE
CVE
added 2024/05/08 1:53 a.m.61 views

CVE-2024-1929

CVE-2024-1929 is a local root vulnerability in dnf5daemon-server prior to 5.1.17. The issue stems from a D-Bus config map (open_session) where an untrusted nested config map under the key

8.4CVSS6.9AI score0.00289EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/03/12 12:0 a.m.26 views

EulerOS 2.0 SP8 : subscription-manager (EulerOS-SA-2024-1302)

According to the versions of the subscription-manager packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bu...

7.8CVSS8AI score0.00253EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/12/22 12:0 a.m.35 views

CentOS 7 : subscription-manager (RHSA-2023:4701)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4701 advisory. - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1...

7.8CVSS8AI score0.00253EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/12/05 6:33 p.m.29 views

K000137798: Dbus Subscription Manager vulnerability CVE-2023-3899

Security Advisory Description A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By usi...

7.8CVSS8.3AI score0.00253EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/09/01 12:0 a.m.24 views

Fedora 37 : subscription-manager (2023-0f2f9bc779)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0f2f9bc779 advisory. Automatic update for subscription-manager-1.29.37-1.fc37. Changelog for subscription-manager Wed Aug 23 2023 Packit - 1.29.37-1 - Automatic commit of package...

7.8CVSS8AI score0.00253EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/09/01 12:0 a.m.34 views

Fedora 38 : subscription-manager (2023-29a012c0db)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-29a012c0db advisory. Automatic update for subscription-manager-1.29.37-1.fc38. Changelog for subscription-manager Wed Aug 23 2023 Packit - 1.29.37-1 - Automatic commit of package...

7.8CVSS8AI score0.00253EPSS
Exploits0References2
OSV
OSV
added 2023/08/28 6:41 p.m.34 views

RLSA-2023:4706 Important: subscription-manager security update

The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Rocky Enterprise Software Foundation entitlement platform. Security Fixes: subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allow...

7.8CVSS7.7AI score0.00253EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2023/08/28 6:41 p.m.29 views

subscription-manager security update

An update is available for subscription-manager. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The subscription-manager packages provide programs and libraries...

7.8CVSS6.2AI score0.00253EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/08/28 12:0 a.m.21 views

Rocky Linux 8 : subscription-manager (RLSA-2023:4706)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4706 advisory. - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1...

7.8CVSS8AI score0.00253EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2023/08/24 4:21 a.m.51 views

subscription-manager security update

An update is available for subscription-manager. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The subscription-manager packages provide programs and libraries...

7.8CVSS6.6AI score0.00253EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/08/24 12:0 a.m.45 views

AlmaLinux 8 : subscription-manager (ALSA-2023:4706)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:4706 advisory. - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1...

7.8CVSS8AI score0.00253EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/08/24 12:0 a.m.11 views

Rocky Linux 9 : subscription-manager (RLSA-2023:4708)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4708 advisory. - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1...

7.8CVSS8AI score0.00253EPSS
Exploits0References3
NVD
NVD
added 2023/08/23 11:15 a.m.21 views

CVE-2023-3899

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the...

7.8CVSS7.6AI score0.00253EPSS
Exploits0References12
Prion
Prion
added 2023/08/23 11:15 a.m.33 views

Design/Logic Flaw

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the...

4.3CVSS7.5AI score0.00253EPSS
Exploits0References12Affected Software20
Vulnrichment
Vulnrichment
added 2023/08/23 10:49 a.m.5 views

CVE-2023-3899 Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the...

7.8CVSS7.6AI score0.00253EPSS
Exploits0References10
OSV
OSV
added 2023/08/23 10:49 a.m.10 views

CVE-2023-3899 Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the...

7.8CVSS7.1AI score0.00253EPSS
Exploits0References15
Rows per page
Query Builder