Lucene search
+L

104 matches found

OSV
OSV
added 2019/11/26 6:15 p.m.1 views

DEBIAN-CVE-2019-16255

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument aka the "command" argument to Shell or Shelltest in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method...

8.1CVSS6.9AI score0.04187EPSS
Exploits1References1
NVD
NVD
added 2019/11/25 12:15 p.m.22 views

CVE-2019-14822

A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is usi...

7.1CVSS6.8AI score0.00365EPSS
Exploits0References4
Cvelist
Cvelist
added 2019/11/25 11:1 a.m.45 views

CVE-2019-14822

A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is usi...

6.8AI score0.00365EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/10/16 4:38 a.m.5 views

jenkins-plugin-workflow-remote-loader: Unsafe Script Security whitelist entry in Pipeline Remote Loader Plugin (SECURITY-921)

A flaw was found in the Jenkins Workflow Remote Loader plugin. An unsafe whitelist entry was made that allowed invoking arbitrary methods and bypassing sandbox protection. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.9CVSS6.7AI score0.01938EPSS
Exploits0References5
OSV
OSV
added 2019/09/21 11:7 a.m.5 views

MGASA-2019-0284 Updated ibus packages fix security vulnerability

It was discovered that any unprivileged user could monitor and send method calls to the ibus bus of another user, due to a misconfiguration during the setup of the DBus server. When ibus is in use, a local attacker, who discovers the UNIX socket used by another user connected on a graphical...

7.1CVSS6.8AI score0.00365EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/09/18 12:0 a.m.19 views

SUSE SLED15 / SLES15 Security Update : ibus (SUSE-SU-2019:2387-1)

This update for ibus fixes the following issues : Security issue fixed : CVE-2019-14822: Fixed a misconfiguration of the DBus server that allowed an unprivileged user to monitor and send method calls to the ibus bus of another user. bsc1150011 Note that Tenable Network Security has extracted the...

7.1CVSS6.9AI score0.00365EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2019/09/13 7:0 a.m.22 views

CVE-2019-14822

A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is usi...

7.1CVSS6.8AI score0.00365EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2019/07/08 12:0 a.m.34 views

openSUSE Security Update : gvfs (openSUSE-2019-1699)

This update for gvfs fixes the following issues : Security issues fixed : - CVE-2019-12795: Fixed a vulnerability which could have allowed attacks via local D-Bus method calls bsc1137930. - CVE-2019-12447: Fixed an improper handling of file ownership in daemon/gvfsbackendadmin.c due to no use of...

8.1CVSS6.3AI score0.0184EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2019/07/03 5:22 a.m.40 views

CVE-2019-12795

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. Note that the server socket...

7.8CVSS2.8AI score0.00388EPSS
Exploits0References3
Prion
Prion
added 2019/06/11 10:29 p.m.20 views

Authorization

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. Note that the server socket...

4.6CVSS7.2AI score0.00388EPSS
Exploits0References11Affected Software1
UbuntuCve
UbuntuCve
added 2019/06/11 12:0 a.m.35 views

CVE-2019-12795

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. Note that the server socket...

7.8CVSS7.1AI score0.00388EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/05/29 12:0 a.m.4 views

PT-2019-2632 · Gnome +7 · Gnome Gvfs +7

Name of the Vulnerable Software and Affected Versions: GNOME gvfs versions prior to 1.38.3 GNOME gvfs versions 1.40.x prior to 1.40.2 GNOME gvfs versions 1.41.x prior to 1.41.3 Description: The issue is related to errors in the authorization procedure of the GVFS subsystem in the GNOME desktop...

9.3CVSS6.5AI score0.18108EPSS
Exploits15References341
Positive Technologies
Positive Technologies
added 2018/06/19 12:0 a.m.6 views

PT-2018-10312 · Openwrt · Openwrt

Name of the Vulnerable Software and Affected Versions: OpenWrt affected versions not specified Description: The issue concerns the mishandling of access control in certain configuration files, potentially allowing remote authenticated users to call arbitrary methods, which could lead to remote...

8.8CVSS8.5AI score0.02436EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2017/03/21 2:48 p.m.36 views

Critical Moodle Vulnerability Could Lead to Server Compromise

A critical vulnerability in Moodle, an open source PHP-based learning management system deployed across scores of schools and universities, could expose the server its running on to compromise. Tens of thousands of universities worldwide, including the California State University system, the...

7.5CVSS0.1AI score0.1453EPSS
Exploits4References15
RedHat Linux
RedHat Linux
added 2016/11/15 11:40 a.m.7 views

php: Stack consumption vulnerability in Zend/zend_exceptions.c

Stack consumption vulnerability in Zend/zendexceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service segmentation fault via recursive method calls...

7.5CVSS7.3AI score0.03881EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2016/09/11 9:59 p.m.26 views

CVE-2016-3884

server/notification/NotificationManagerService.java in the Notification Manager Service in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 lacks uid checks, which allows attackers to bypass intended restrictions on method calls via a crafted application, aka internal bug 29421441...

5.5CVSS6.5AI score0.00439EPSS
Exploits0References3
Cvelist
Cvelist
added 2016/09/11 9:0 p.m.30 views

CVE-2016-3884

server/notification/NotificationManagerService.java in the Notification Manager Service in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 lacks uid checks, which allows attackers to bypass intended restrictions on method calls via a crafted application, aka internal bug 29421441...

5.5AI score0.00439EPSS
Exploits0References4
exploitpack
exploitpack
added 2016/09/08 12:0 a.m.18 views

Adobe Flash - Method Calls Use-After-Free

Adobe Flash - Method Calls Use-After-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=846 If a method is called on a MovieClip, and a getter is set with the name of the method, the getter will get executed during the call, and can free the MovieClip, leading to a...

0.6AI score
Exploits0
0day.today
0day.today
added 2016/09/08 12:0 a.m.15 views

Adobe Flash - Method Calls Use-After-Free

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=846 If a method is called on a MovieClip, and a getter is set with the name of the method, the getter will get executed during the call, and can free the MovieClip, leading to a...

7.1AI score
Exploits0
myhack58
myhack58
added 2016/04/28 12:0 a.m.33 views

Attention! Struts 2 s2-0 3 2 remote code is again a wave of black rhythm-vulnerability warning-the black bar safety net

1. Description: Struts 2 is the Struts of the next generation of products, is in the struts 1 and WebWork technology based on a merge of the new Struts 2 framework. Its brand new Struts 2 architecture and Struts 1 architecture the difference is huge. Struts 2 with WebWork as the core, using the...

0.5AI score
Exploits0
Rows per page
Query Builder