USN-6843-1: Plasma Workspace vulnerability
Fabian Vogt discovered that Plasma Workspace incorrectly handled connections via ICE. A local attacker could possibly use this issue to gain access to another user's session manager and execute arbitrary code...
FreeBSD : plasma[56]-plasma-workspace -- Unauthorized users can access session manager (479df73e-2838-11ef-9cab-4ccc6adda413)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 479df73e-2838-11ef-9cab-4ccc6adda413 advisory. David Edmundson reports: KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE based...
Updated plasma-workspace packages fix security vulnerability
KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE based purely on the host, allowing all local connections. This allows another user on the same machine to gain access to the session manager. A well crafted client could use the session restore feature to execute arbitrary code...
MGASA-2024-0214 Updated plasma-workspace packages fix security vulnerability
KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE based purely on the host, allowing all local connections. This allows another user on the same machine to gain access to the session manager. A well crafted client could use the session restore feature to execute arbitrary code...
CVE-2024-36041
KSmserver in KDE Plasma Workspace aka plasma-workspace before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the...
UBUNTU-CVE-2024-36041
KSmserver in KDE Plasma Workspace aka plasma-workspace before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the...
SUSE CVE-2024-36041
KSmserver in KDE Plasma Workspace aka plasma-workspace before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the...
plasma[56]-plasma-workspace -- Unauthorized users can access session manager
David Edmundson reports: KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE based purely on the host, allowing all local connections. This allows another user on the same machine to gain access to the session manager. A well crafted client could use the session restore feature ...
AZL-40340 CVE-2024-1929 affecting package dnf5 for versions less than 5.1.11-3
Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary. There are issues with the D-Bus interface long before Polkit is invoked. The org.rpm.dnf.v0.SessionManager.opensession...
PT-2024-10421 · Kde +4 · Kde Plasma Workspace +4
Name of the Vulnerable Software and Affected Versions: KDE Plasma Workspace versions prior to 5.27.11.1; KDE Plasma Workspace 6.x versions prior to 6.0.5.1. Description: The issue allows connections via ICE based purely on the host, i.e., all local connections are accepted. This enables another use...
PT-2024-18431 · Unknown +1 · Dnf5Daemon-Server +1
Name of the Vulnerable Software and Affected Versions: dnf5daemon-server versions before 5.1.17. Description: The issue concerns a local root exploit via a configuration dictionary in the dnf5daemon-server. It affects confidentiality and integrity. The org.rpm.dnf.v0.SessionManager.open session...
The vulnerability of the Windows Local Session Manager component of the Windows operating system allows a hacker to trigger a service failure.
The vulnerability of the Windows Local Session Manager component exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
CVE-2022-44684
Windows Local Session Manager LSM Denial of Service Vulnerability...
Denial of service
Windows Local Session Manager LSM Denial of Service Vulnerability...
CVE-2022-44684
CVE-2022-44684 affects Windows Local Session Manager (LSM). The issue stems from insufficient input validation in the LSM component, enabling denial-of-service via remote exploitation. Impact is a system denial of service; CVSS v3.1 base score 6.5 (Network, Low privileges, No user interaction). A...
CVE-2022-44684 Windows Local Session Manager (LSM) Denial of Service Vulnerability
Microsoft Windows Security Vulnerabilities
Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation. A security vulnerability exists in Microsoft Windows Local Session Manager. The following products and editions are affected: Windows 10 Version 21H1, Windows Server 2022, Window...
Minimal `basti` IAM Policy Allows Shell Access
Summary: The provided Minimal IAM Policy for `basti connect` does not include `ssm:SessionDocumentAccessCheck`. This results in the ability to get a shell session on the bastion, not just the intended access for Port Forwarding. Details: `basti connect` is designed to "securely connect to your...