111 matches found
CVE-2024-1929 Local Root Exploit via Configuration Dictionary
Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary. There are issues with the D-Bus interface long before Polkit is invoked. The org.rpm.dnf.v0.SessionManager.opensession...
CVE-2024-1929
CVE-2024-1929 is a local root vulnerability in dnf5daemon-server prior to 5.1.17. The issue stems from a D-Bus config map (open_session) where an untrusted nested config map under the key
EulerOS 2.0 SP8 : subscription-manager (EulerOS-SA-2024-1302)
According to the versions of the subscription-manager packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bu...
CentOS 7 : subscription-manager (RHSA-2023:4701)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4701 advisory. - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1...
K000137798: Dbus Subscription Manager vulnerability CVE-2023-3899
Security Advisory Description A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By usi...
Fedora 37 : subscription-manager (2023-0f2f9bc779)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0f2f9bc779 advisory. Automatic update for subscription-manager-1.29.37-1.fc37. Changelog for subscription-manager Wed Aug 23 2023 Packit - 1.29.37-1 - Automatic commit of package...
Fedora 38 : subscription-manager (2023-29a012c0db)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-29a012c0db advisory. Automatic update for subscription-manager-1.29.37-1.fc38. Changelog for subscription-manager Wed Aug 23 2023 Packit - 1.29.37-1 - Automatic commit of package...
subscription-manager security update
An update is available for subscription-manager. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The subscription-manager packages provide programs and libraries...
RLSA-2023:4706 Important: subscription-manager security update
The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Rocky Enterprise Software Foundation entitlement platform. Security Fixes: subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allow...
Rocky Linux 8 : subscription-manager (RLSA-2023:4706)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4706 advisory. - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1...
subscription-manager security update
An update is available for subscription-manager. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The subscription-manager packages provide programs and libraries...
AlmaLinux 8 : subscription-manager (ALSA-2023:4706)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:4706 advisory. - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1...
Rocky Linux 9 : subscription-manager (RLSA-2023:4708)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4708 advisory. - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1...
CVE-2023-3899
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the...
Design/Logic Flaw
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the...
CVE-2023-3899
CVE-2023-3899 affects subscription-manager. The vulnerability stems from the D-Bus interface com.redhat.RHSM1 exposing many methods to all users, allowing a low-privileged local user to tamper with registration state via Config.SetAll(). This enables arbitrary directives to /etc/rhsm/rhsm.conf, l...
CVE-2023-3899 Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the...