Advisory ROSA-SA-2026-3311

Component: avahi 0.8 OS: ROSA-CHROME Unaffected versions: = avahi-0.8-12.git35bb1b.11 Affected versions: avahi-0.8-12.git35bb1b.11 CVE-ID: CVE-2026-34933 BDU-ID: None CVE-Crit: Medium CVE-DESC.: The vulnerability in Avahi allows an unprivileged local user to cause an emergency termination of...

Unity Linux 20.1070e Security Update: keepalived (UTSA-2026-016728)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016728 advisory. In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This...

Astra Linux - уязвимость в keepalived

In Keepalived versions up to 2.2.4, the D-Bus mechanism does not sufficiently restrict the destination of messages, allowing any user to inspect and manipulate any property. This leads to bypasses of access controls in some situations, where a unrelated D-Bus system service has a settable writabl...

Astra Linux - уязвимость в dbus

A issue was discovered in D-Bus before 1.12.24, 1.13.x, and 1.14.x, before 1.14.4, and 1.15.x, before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where the array length is inconsistent with the size of the element...

Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization

...

OESA-2026-1854 avahi security update

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared...

CVE-2026-39959

Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by...

EUVD-2026-20964

Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by...

D-Bus 安全漏洞

D-Bus is an open-source implementation of the D-Bus specification. Security vulnerabilities exist in versions of D-Bus prior to 0.92.0, as well as in versions of Tmds.DBus.Protocol 0.92.0 and 0.21.3. These vulnerabilities stem from exposure to attacks by malicious D-Bus peers, which can lead to...

PT-2026-31658

Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by sending messages with an excessive number of Unix file descriptors, an...

DEBIAN-CVE-2026-34080

xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases. Client...

Important: Red Hat Security Advisory: udisks2 security update

An update for udisks2 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

PT-2026-25531

Your package manager's D-Bus interface is root-privileged, always-on, and crashes instantly if you whisper the wrong locale at it. CVE-2026-3836. CVSS 7.5. No auth required. The tool patching your system was the hole. Upgrade dnf5 now. https://t.co/scoaPCnClG...

CVE-2026-4105 Systemd: systemd: privilege escalation via improper access control in registermachine d-bus method

A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus Desktop Bus method. A local unprivileged user can exploit this by attempting to register a machine with a...

Fedora 42 : dnf5 (2026-beac8e1f11)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-beac8e1f11 advisory. This release fixes CVE-2026-3836 a crash in dnf5daemon-server when receiving an unknown locale from a D-Bus client. Tenable has extracted the...

Fedora 43 : dnf5 (2026-4e264a94a4)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-4e264a94a4 advisory. This release fixes CVE-2026-3836 a crash in dnf5daemon-server when receiving an unknown locale from a D-Bus client. Tenable has extracted the...

RHEL 10 : udisks2 (RHSA-2026:3476)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3476 advisory. The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies. Security Fixe...

SUSE CVE-2026-26103

A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block...

MiracleLinux 9 : usbguard-1.0.0-10.el9.2 (AXSA:2023-5072:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5072:02 advisory. usbguard: Fix unauthorized access via D-Bus CVE-2019-25058 Tenable has extracted the preceding description block directly from the MiracleLinux security...

Fedora: Security Advisory (FEDORA-2026-63f333201f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...