Lucene search
+L

160 matches found

Positive Technologies
Positive Technologies
added 2022/06/14 12:0 a.m.5 views

PT-2022-3231 · Unknown · Edgexfoundry

Name of the Vulnerable Software and Affected Versions: EdgeXFoundry versions prior to 2.1.1 Description: The /api/v2/config endpoint exposes message bus credentials to local unauthenticated users, bypassing access controls on message bus credentials when running in security-enabled mode. This...

5.9CVSS6.9AI score0.00308EPSS
Exploits0References11
CNNVD
CNNVD
added 2022/05/17 12:0 a.m.58 views

Canonical Apport 安全漏洞

Canonical Apport is a toolkit from Canonical UK that is used to collect and provide feedback on error messages information that the operating system finds useful when an application crashes. A security vulnerability exists in Canonical Apport that stems from not limiting the number of log entries...

5.5CVSS5.7AI score0.00252EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/05/10 2:13 p.m.7 views

keepalived: dbus access control bypass

A flaw was found in keepalived, where an improper authentication vulnerability allows an unprivileged user to change properties that could lead to an access-control bypass...

5.5CVSS5.7AI score0.01159EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/04/11 12:0 a.m.5 views

PT-2022-6752 · Avahi +9 · Avahi +9

Name of the Vulnerable Software and Affected Versions: avahi affected versions not specified Description: A flaw in the avahi library allows an unprivileged user to make a dbus call, causing the avahi daemon to crash. This issue is related to an uncontrolled resource consumption, which can be...

6.2CVSS6.7AI score0.00453EPSS
Exploits2References85
ATTACKERKB
ATTACKERKB
added 2022/03/22 11:15 a.m.3 views

CVE-2021-45809

GlobalProtect-openconnect versions prior to 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the --script=...

10CVSS6AI score0.01623EPSS
Exploits1References2
OSV
OSV
added 2022/01/20 7:51 p.m.8 views

USN-5244-1 dbus vulnerability

Daniel Onaca discovered that DBus contained a use-after-free vulnerability, caused by the incorrect handling of usernames sharing the same UID. An attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service...

7.8CVSS7.1AI score0.00331EPSS
Exploits0References2
CNVD
CNVD
added 2022/01/06 12:0 a.m.40 views

Discourse Input Validation Error Vulnerability (CNVD-2022-05507)

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.Discourse is vulnerable to an input validation error that could be exploited to trigger a denial of service attack via the /message-bus/diagnostics path...

6.8CVSS3.8AI score0.00828EPSS
Exploits1References1
NVD
NVD
added 2022/01/04 8:15 p.m.37 views

CVE-2021-43850

Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the /message-bus/diagnostics path. The impact of this vulnerability is greater on multisite Discourse instances where multiple forums are served from a singl...

6.8CVSS0.00828EPSS
Exploits1References2
OSV
OSV
added 2022/01/04 8:15 p.m.32 views

CVE-2021-43850

Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the /message-bus/diagnostics path. The impact of this vulnerability is greater on multisite Discourse instances where multiple forums are served from a singl...

6.8CVSS6.7AI score
Exploits0References2
Cvelist
Cvelist
added 2022/01/04 7:35 p.m.43 views

CVE-2021-43850 Denial of Service in discourse

Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the /message-bus/diagnostics path. The impact of this vulnerability is greater on multisite Discourse instances where multiple forums are served from a singl...

6.8CVSS6.7AI score0.00828EPSS
Exploits1References2
CVE
CVE
added 2022/01/04 7:35 p.m.72 views

CVE-2021-43850

Discourse CVE-2021-43850 affects Discourse (open source forum platform). The vulnerability allows an admin to trigger a Denial of Service by visiting the /message-bus/_diagnostics path, with greater impact on multisite deployments. A patch is available: upgrade to Discourse 2.8.0.beta10 or 2.7.12...

6.8CVSS6.5AI score0.00828EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/01/04 12:0 a.m.6 views

Discourse 输入验证错误漏洞

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.Discourse is vulnerable to an input validation error that could be exploited to trigger a denial of service attack via the /message-bus/diagnostics path...

6.8CVSS5.6AI score0.00828EPSS
Exploits1References3
NVD
NVD
added 2021/12/17 7:15 p.m.22 views

CVE-2021-43840

messagebus is a messaging bus for Ruby processes and web clients. In versions prior to 3.3.7 users who deployed message bus with diagnostics features enabled default off are vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user...

6.5CVSS0.01869EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/11/25 12:0 a.m.4 views

Keepalived 安全漏洞

Keepalived is a set of routing software written in C by the Keepalived organization. The software is primarily used for load balancing and fault detection, among other things. Keepalived 2.2.4 suffers from a security vulnerability that stems from a D-Bus policy that does not sufficiently restrict...

5.5CVSS6.2AI score0.01159EPSS
Exploits0References12
OSV
OSV
added 2021/07/08 2:15 p.m.6 views

CVE-2021-25433

Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform factory reset using dbus signal...

5.5CVSS6.1AI score0.00223EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/07/06 11:31 a.m.4 views

polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync()

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this...

7.8CVSS7.2AI score0.22193EPSS
Exploits37References6
RedHat Linux
RedHat Linux
added 2021/06/22 2:57 p.m.4 views

polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync()

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this...

7.8CVSS7.2AI score0.22193EPSS
Exploits37References6
OSV
OSV
added 2021/06/22 11:2 a.m.4 views

OESA-2021-1230 polkit security update

polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. Security Fixes: A flaw was found in polkit. When a requesting process disconnects from dbus-daemon just before the call to polkitsystembusnamegetcredssync...

7.8CVSS6.7AI score0.22193EPSS
Exploits37References2
RedHat Linux
RedHat Linux
added 2021/06/03 11:15 a.m.3 views

polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync()

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this...

7.8CVSS7.2AI score0.22193EPSS
Exploits37References6
RedHat Linux
RedHat Linux
added 2021/06/03 10:11 a.m.2 views

polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync()

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this...

7.8CVSS7.2AI score0.22193EPSS
Exploits37References6
Rows per page
Query Builder