Lucene search
K

35 matches found

Positive Technologies
Positive Technologies
added 2024/12/08 12:0 a.m.7 views

PT-2024-17556 · Guangzhou Huayi Intelligent Technology · Jeewms

Name of the Vulnerable Software and Affected Versions: Guangzhou Huayi Intelligent Technology Jeewms version 1.0.0 Description: A critical issue affects the Druid Monitoring Interface component, specifically the file /jeewms war/webpage/system/druid/index.html, leading to improper authorization...

6.9CVSS5.6AI score0.006EPSS
Exploits0References9
Amazon
Amazon
added 2024/01/22 12:0 a.m.31 views

Medium: dbus

Issue Overview: D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the...

6.5CVSS6.9AI score0.01417EPSS
Exploits1
Amazon
Amazon
added 2024/01/22 12:0 a.m.6 views

Medium: dbus

Issue Overview: D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the...

6.5CVSS6.9AI score0.01417EPSS
Exploits1
OSV
OSV
added 2023/06/27 11:5 a.m.4 views

OESA-2023-1375 dbus security update

D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a "single instance" application or daemon, and to launch applications and daemons on...

6.5CVSS6.9AI score0.01417EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2023/06/21 7:0 a.m.3 views

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus this is a denial-of-service vulnerability. The fixed versions are 1.12.28 1.14.8 and 1.15.6.

...

6.5CVSS6.7AI score0.01417EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/06/09 2:32 a.m.5 views

SUSE CVE-2023-34969

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon...

4.7CVSS5.6AI score0.01417EPSS
Exploits1References33
OSV
OSV
added 2023/06/08 3:15 a.m.2 views

DEBIAN-CVE-2023-34969

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon...

6.5CVSS6.5AI score0.01417EPSS
Exploits1References1
OSV
OSV
added 2023/06/08 3:15 a.m.5 views

AZL-27178 CVE-2023-34969 affecting package dbus for versions less than 1.15.6-1

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon...

6.5CVSS6.7AI score0.01417EPSS
Exploits1References1
OSV
OSV
added 2023/06/08 3:15 a.m.2 views

UBUNTU-CVE-2023-34969

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon...

6.5CVSS6.8AI score0.01417EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/07/11 12:0 a.m.4 views

Fishtank 路径遍历漏洞

Fishtank is a remote monitoring and control interface by Rentaro Matsukata, a personal developer in the U.S. A path traversal vulnerability exists in Fishtank 2015-06-24 and earlier versions, which stems from a failure of Flask's sendfile function to properly filter special elements in resource o...

9.3CVSS5.8AI score0.01118EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2020/12/18 12:0 a.m.4 views

The vulnerability of the monitoring and management interface of the Cisco FXOS operating system’s Cisco Firepower network interface, which allows a attacker to perform a CSRF attack

The vulnerability of the monitoring and management interface of the Cisco OS on the Cisco Firepower network switch involves insufficient protection when entering CSRF requests. Exploiting this vulnerability allows a remote attacker to execute a CSRF attack...

10CVSS7.8AI score0.0055EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2020/11/10 6:17 p.m.31 views

CVE-2020-28368

Xen through 4.14.x allows guest OS administrators to obtain sensitive information such as AES keys from outside the guest via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for...

4.4CVSS5AI score0.00393EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2018/04/10 3:34 a.m.7 views

kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity

The netlinkdelivertapskb function in net/netlink/afnetlink.c in the Linux kernel, through 4.14.4, does not restrict observations of Netlink messages to a single net namespace, when CONFIGNLMON is enabled. This allows local users to obtain sensitive information by leveraging the CAPNETADMIN...

4.7CVSS6.6AI score0.00436EPSS
Exploits0References4
OSV
OSV
added 2017/12/06 12:0 a.m.3 views

UBUNTU-CVE-2017-17449

The netlinkdelivertapskb function in net/netlink/afnetlink.c in the Linux kernel through 4.14.4, when CONFIGNLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAPNETADMIN...

4.7CVSS6.7AI score0.00436EPSS
Exploits0References11
n0where
n0where
added 2015/09/06 4:27 p.m.23 views

Automated Evil Twin Attack: infernal-twin

Evil twin is a term for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. An evil twin is the wireless version of the phishing scam. An attacker fools wireless users into connecting a lapto...

1.7AI score
Exploits0References1
Rows per page
Query Builder