How severe is CVE-2024-34397?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.2 out of 10.

What type of vulnerability is CVE-2024-34397?

This is classified as CWE-290, which is a common weakness in software security.

CVE-2024-34397 - MEDIUM Severity | CVSS 5.2

Vulnerability Description

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.

Related Vulnerabilities

CVE-2019-0388

MEDIUM

CVSS:5.3(Medium)

SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation.

CWE-2902019

CVE-2019-18659

MEDIUM

CVSS:5.3(Medium)

The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE Sy...

CWE-2902019

CVE-2019-20203

MEDIUM

CVSS:5.3(Medium)

The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message.

CWE-2902019

CVE-2020-10136

MEDIUM

CVSS:5.3(Medium)

IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected beha...

CWE-2902020

CVE-2020-10807

MEDIUM

CVSS:5.3(Medium)

auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host header.

CWE-2902020

CVE-2020-12272

MEDIUM

CVSS:5.3(Medium)

OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing...

CWE-2902020