Lucene search
K

113 matches found

OSV
OSV
added 2023/08/23 10:49 a.m.10 views

CVE-2023-3899 Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the...

7.8CVSS7.1AI score0.00253EPSS
Exploits0References15
CVE
CVE
added 2023/08/23 10:49 a.m.556 views

CVE-2023-3899

CVE-2023-3899 affects subscription-manager. The vulnerability stems from the D-Bus interface com.redhat.RHSM1 exposing many methods to all users, allowing a low-privileged local user to tamper with registration state via Config.SetAll(). This enables arbitrary directives to /etc/rhsm/rhsm.conf, l...

7.8CVSS7.7AI score0.00253EPSS
Exploits0References12Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/08/23 12:0 a.m.34 views

AlmaLinux 9 : subscription-manager (ALSA-2023:4708)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:4708 advisory. - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1...

7.8CVSS8AI score0.00253EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/08/22 4:41 p.m.57 views

Important: Red Hat Security Advisory: subscription-manager security update

An update for subscription-manager is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8CVSS7.2AI score0.00253EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/08/22 4:35 p.m.49 views

Important: Red Hat Security Advisory: subscription-manager security update

An update for subscription-manager is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8CVSS7.2AI score0.00253EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/08/22 3:56 p.m.47 views

Important: Red Hat Security Advisory: subscription-manager security update

An update for subscription-manager is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as havin...

7.8CVSS7.2AI score0.00253EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/08/22 12:0 a.m.25 views

RHEL 8 : subscription-manager (RHSA-2023:4703)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4703 advisory. The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat...

7.8CVSS8AI score0.00253EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/08/22 12:0 a.m.30 views

RHEL 8 : subscription-manager (RHSA-2023:4705)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4705 advisory. The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat...

7.8CVSS8AI score0.00253EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/08/22 12:0 a.m.13 views

RHEL 8 : subscription-manager (RHSA-2023:4704)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4704 advisory. The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat...

7.8CVSS8AI score0.00253EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/08/22 12:0 a.m.36 views

RHEL 9 : subscription-manager (RHSA-2023:4707)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4707 advisory. The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat...

7.8CVSS8AI score0.00253EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:47 a.m.5 views

SUSE CVE-2012-2095

The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message...

6.9CVSS6.7AI score0.00802EPSS
Exploits2References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:22 a.m.4 views

SUSE CVE-2018-19358

GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms involving the busconf...

7.8CVSS6.7AI score0.00554EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/03/18 12:1 a.m.32 views

Command injection in guake

Guake is a drop-down terminal for GNOME. The package guake before 3.8.5 is vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command vi...

8CVSS3.7AI score0.01113EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2022/03/17 12:15 p.m.22 views

CVE-2021-23556

The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...

8CVSS6.9AI score
Exploits0References5
OSV
OSV
added 2022/03/17 12:15 p.m.31 views

PYSEC-2022-165

The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...

8CVSS3.8AI score0.01113EPSS
Exploits1References6
Cvelist
Cvelist
added 2022/03/17 11:20 a.m.18 views

CVE-2021-23556 Exposed Dangerous Method or Function

The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...

6.4CVSS8.1AI score0.01113EPSS
Exploits1References5
CVE
CVE
added 2022/03/17 11:20 a.m.108 views

CVE-2021-23556

Guake is vulnerable before version 3.8.5 to Exposed Dangerous Method or Function due to exposure of execute_command and execute_command_by_uuid via the D-Bus interface, allowing a malicious user to run an arbitrary command. Exploitation requires the attacker to have or trigger another malicious p...

8CVSS7AI score0.01113EPSS
Exploits1References5Affected Software1
Debian CVE
Debian CVE
added 2022/03/17 11:20 a.m.50 views

CVE-2021-23556

The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...

8CVSS7.9AI score0.01113EPSS
Exploits1
OSV
OSV
added 2022/03/15 9:12 a.m.9 views

ALBA-2022:0901 firewalld bug fix and enhancement update

firewalld is a firewall service daemon that provides a dynamic customizable firewall with a D-Bus interface. Bug Fixes and Enhancements: firewall-cmd takes hours when adding 55K ipsets BZ2046343...

7.2AI score
Exploits0
AlmaLinux
AlmaLinux
added 2022/03/15 9:12 a.m.19 views

firewalld bug fix and enhancement update

firewalld is a firewall service daemon that provides a dynamic customizable firewall with a D-Bus interface. Bug Fixes and Enhancements: firewall-cmd takes hours when adding 55K ipsets BZ2046343...

2.3AI score
Exploits0
Rows per page
Query Builder