35 matches found
PT-2024-17556 · Guangzhou Huayi Intelligent Technology · Jeewms
Name of the Vulnerable Software and Affected Versions: Guangzhou Huayi Intelligent Technology Jeewms version 1.0.0 Description: A critical issue affects the Druid Monitoring Interface component, specifically the file /jeewms war/webpage/system/druid/index.html, leading to improper authorization...
Medium: dbus
Issue Overview: D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the...
Medium: dbus
Issue Overview: D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the...
OESA-2023-1375 dbus security update
D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a "single instance" application or daemon, and to launch applications and daemons on...
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus this is a denial-of-service vulnerability. The fixed versions are 1.12.28 1.14.8 and 1.15.6.
...
SUSE CVE-2023-34969
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon...
DEBIAN-CVE-2023-34969
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon...
AZL-27178 CVE-2023-34969 affecting package dbus for versions less than 1.15.6-1
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon...
UBUNTU-CVE-2023-34969
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon...
Fishtank 路径遍历漏洞
Fishtank is a remote monitoring and control interface by Rentaro Matsukata, a personal developer in the U.S. A path traversal vulnerability exists in Fishtank 2015-06-24 and earlier versions, which stems from a failure of Flask's sendfile function to properly filter special elements in resource o...
The vulnerability of the monitoring and management interface of the Cisco FXOS operating system’s Cisco Firepower network interface, which allows a attacker to perform a CSRF attack
The vulnerability of the monitoring and management interface of the Cisco OS on the Cisco Firepower network switch involves insufficient protection when entering CSRF requests. Exploiting this vulnerability allows a remote attacker to execute a CSRF attack...
CVE-2020-28368
Xen through 4.14.x allows guest OS administrators to obtain sensitive information such as AES keys from outside the guest via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for...
kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity
The netlinkdelivertapskb function in net/netlink/afnetlink.c in the Linux kernel, through 4.14.4, does not restrict observations of Netlink messages to a single net namespace, when CONFIGNLMON is enabled. This allows local users to obtain sensitive information by leveraging the CAPNETADMIN...
UBUNTU-CVE-2017-17449
The netlinkdelivertapskb function in net/netlink/afnetlink.c in the Linux kernel through 4.14.4, when CONFIGNLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAPNETADMIN...
Automated Evil Twin Attack: infernal-twin
Evil twin is a term for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. An evil twin is the wireless version of the phishing scam. An attacker fools wireless users into connecting a lapto...