PT-2026-49074

A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DD OPEN READONLY and calls dd chown to change ownership of all files to the caller's uid, succeeding even while post-create event handlers hold a write lock. This allo...

USN-8424-1: Ubuntu Kylin Software Center vulnerability

It was discovered that Ubuntu Kylin Software Center incorrectly handled user-supplied input in its D-Bus service. A local attacker could possibly use this issue to gain administrative privileges...

USN-8424-1 ubuntu-kylin-software-center vulnerability

It was discovered that Ubuntu Kylin Software Center incorrectly handled user-supplied input in its D-Bus service. A local attacker could possibly use this issue to gain administrative privileges...

EUVD-2018-4519

Malware in sbrugna...

EUVD-2018-4521

Malware in sbrugna...

EUVD-2018-4522

Malware in sbrugna...

EUVD-2021-8642

Malicious code in bioql PyPI...

EUVD-2024-41582

Malicious code in bioql PyPI...

PT-2025-14: Local privilege escalation in RED OS

The vulnerability was identified in RedOS, versions MUROM 7.3.5. The discovered vulnerability of the application for publishing directories in the sharedirectory domain is related to the lack of verification of the user privilege accessing the D-Bus service. Exploitation of the vulnerability may...

ROS-20250513-01

Vulnerability of directory publishing application in domain sharedirectory is related to the lack of verification of the of a user accessing the D-Bus service. Exploitation of the vulnerability could allow an attacker to to execute arbitrary operating system commands. Information about the...

CVE-2024-45752

logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction...

CVE-2024-45752

logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction...

CVE-2024-45752

logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction...

CVE-2024-45752

CVE-2024-45752 affects logiops (up to 0.3.4); a misconfigured or unrestricted D-Bus interface in the logid daemon permits any unprivileged user to reconfigure the daemon, enabling privilege escalation via malicious keyboard macros. The vulnerability is local (AV:L/AC:L/PR:N/UI:R) with low exploit...

CVE-2024-45752

logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction...

CVE-2024-45752

logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction...

SUSE CVE-2018-12561

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as filemode= by manipulating for example the domain parameter of the samba URL...

USN-5169-1: oddjob vulnerability

Matthias Gerstner discovered that there was a race condition in the mkhomedir tool shipped with the oddjob package. An authenticated attacker could use this to setup a symlink attack and change permissions on files on the host filesystem...

Mageia: Security Advisory (MGASA-2018-0314)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

NewStart CGSL CORE 5.04 / MAIN 5.04 : flatpak Vulnerability (NS-SA-2021-0096)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has flatpak packages installed that are affected by a vulnerability: - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the flatpak-portal service that...