18 matches found
EUVD-2024-51185
Malicious code in bioql PyPI...
CVE-2024-12907
Kentico CMS in version 7 is vulnerable to Reflected XSS attacks through manipulation of a specific GET request parameter sent to /CMSMessages/AccessDenied.aspx endpoint. Notably, support for this version of Kentico ended in 2016. Version 8 was tested as well and does not contain this...
CVE-2024-12907 XSS in Kentico 7
Kentico CMS in version 7 is vulnerable to Reflected XSS attacks through manipulation of a specific GET request parameter sent to /CMSMessages/AccessDenied.aspx endpoint. Notably, support for this version of Kentico ended in 2016. Version 8 was tested as well and does not contain this...
Kentico security vulnerability
Kentico is an ASP.NET-based content management system (CMS) from Kentico, Inc. A security vulnerability exists in Kentico version 7, which stems from the ability to send certain GET request parameters to the /CMSMessages/AccessDenied.aspx endpoint, which can lead to a reflective cross-site scripti...
PT-2024-16332 · Apc · Powerchute Serial Shutdown
Name of the Vulnerable Software and Affected Versions: PowerChute Serial Shutdown, affected versions not specified. Description: The issue is related to an improper authentication vulnerability that could cause denial of access to the web interface when someone on the local network repeatedly...
RHEL 5 : dbus (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - dbus: incorrect use of [send|receive]_requested_reply policy rule attribute in system.conf (CVE-2008-4311) -...
K17255: D-Bus vulnerability CVE-2014-3477
Security Advisory Description The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service...
Security Updates for Microsoft .NET Framework (July 2018) (deprecated)
This plugin has been deprecated due to Microsoft removing downloads to related KBs. These were removed due to Access Denied errors which have been resolved in later cumulative patches. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the...
Ubuntu 14.04 LTS : DBus vulnerabilities (USN-2275-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2275-1 advisory. Alban Crequy discovered that dbus-daemon incorrectly sent AccessDenied errors to the service instead of the client when enforcing permissions. A local us...
USN-2275-1: DBus vulnerabilities
Alban Crequy discovered that dbus-daemon incorrectly sent AccessDenied errors to the service instead of the client when enforcing permissions. A local user can use this issue to possibly deny access to the service. CVE-2014-3477 Alban Crequy discovered that dbus-daemon incorrectly handled certain...
Debian DSA-2971-1 : dbus - security update
Several vulnerabilities have been discovered in dbus, an asynchronous inter-process communication system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2014-3477 Alban Crequy at Collabora Ltd. discovered that dbus-daemon sends an AccessDenied error to...
Design/Logic Flaw
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service initialization failure and exit...
CVE-2014-3477
CVE-2014-3477 affects the D-Bus dbus-daemon. Local attackers can trigger a DoS (initialization failure/exit) or potentially a side‑channel attack by sending a D-Bus message to an inactive service. Affected are D-Bus/dbus-daemon versions: 1.2.x–1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4. M...
CVE-2014-3477
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service initialization failure and exit...
CVE-2014-3477
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service initialization failure and exit...
CVE-2014-3477
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service initialization failure and exit...
PT-2014-1921 · Freedesktop.Org +3 · D-Bus +3
Name of the Vulnerable Software and Affected Versions: D-Bus versions 1.2.x through 1.4.x; D-Bus versions 1.6.x before 1.6.20; D-Bus versions 1.8.x before 1.8.10. Description: The issue allows local users to cause a denial of service or possibly conduct a side-channel attack via a D-Bus message to a...
CVE-2005-4355
Multiple cross-site scripting (XSS) vulnerabilities in UStore allow remote attackers to inject arbitrary web script or HTML via the (1) Cat parameter in default.asp and the (2) accessdenied parameter in admin/default.asp. NOTE: the provenance of this information is unknown; the details are obtained...