158 matches found
dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass
A flaw was found in dbus. The implementation of DBUS_COOKIE_SHA1 is susceptible to a symbolic link attack. A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause the DBusServer to read and write in unintended locations resulting in an...
dbus: denial of service via file descriptor leak
An uncontrolled resource consumption vulnerability was discovered in D-Bus. The DBusServer leaks file descriptors when a message exceeds the per-message file descriptor limit. This flaw allows a local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket, ...
[SECURITY] Fedora 31 Update: oddjob-0.34.6-1.fc31
oddjob is a D-Bus service which performs particular tasks for clients which connect to it and issue requests using the system-wide message bus...
[SECURITY] Fedora 32 Update: oddjob-0.34.6-1.fc32
oddjob is a D-Bus service which performs particular tasks for clients which connect to it and issue requests using the system-wide message bus...
The vulnerability of the Linux systemd initialization process, related to the access to memory after it is freed, allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Linux systemd initialization process is related to an error in the handling of the queue after it is freed from memory. Asynchronous Polkit requests are executed when processing dbus messages. Exploiting this vulnerability allows an attacker to gain access to confidential...
The vulnerability of the input system for writing multiple languages in Unix-like operating systems, such as ibus, allows an intruder to gain unauthorized access to information and compromise its integrity.
The vulnerability of the input system for writing multiple languages in Unix-like operating systems, such as ibus, is related to the lack of authentication when the DBus server is configured incorrectly. Exploiting this vulnerability can allow a malicious individual to gain unauthorized access to...
Denial Of Service (DoS)
D-Bus is vulnerable to denial of service (DoS). A denial of service flaw was discovered in the system for sending messages between applications. A local user could send a message with an excessive number of nested variants to the system-wide message bus, causing the message bus and,...
Security Bulletin: A vulnerability has been identified in FasterXML Jackson library shipped with IBM Tivoli Netcool/OMNIbus Common Integration Libraries (CVE-2019-14540)
Summary FasterXML Jackson library is shipped as a component of IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library and Transformer for Message Bus Integration. Information about security vulnerabilities affecting FasterXML Jackson library has been published. Vulnerability Detai...
DEBIAN-CVE-2019-14822
A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is usi...
Discourse < 2.4.0.beta3 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities including CSRF flaws.
CentOS Update for dbus CESA-2019:1726 centos6
The remote host is missing an update for the...
UBUNTU-CVE-2019-12795
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. Note that the server socket...
systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash
It was discovered that systemd allocates a buffer large enough to store the path field of a dbus message without performing enough checks. A local attacker may trigger this flaw by sending a dbus message to systemd with a large path making systemd crash or possibly elevating his privileges...
Security Bulletin: Multiple vulnerabilities have been identified in FasterXML Jackson library shipped with IBM Tivoli Netcool/OMNIbus Common Integration Libraries (CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2018-1000873)
Summary FasterXML Jackson library is shipped as a component of IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library and Transformer for Message Bus Integration. Information about security vulnerabilities affecting FasterXML Jackson library has been published. The Netcool/OMNIbus...
Security Bulletin: Multiple vulnerabilities has been identified in Jackson JSON library shipped with IBM Tivoli Netcool/OMNIbus Integrations Transport Module Common Integration Library (CVE-2017-17485, CVE-2018-5968, CVE-2018-7489)
Summary Jackson JSON library is shipped as a component of IBM Tivoli Netcool/OMNIbus Integrations Transport Module Common Integration Library. Information about security vulnerabilities affecting Jackson JSON library has been published. The Netcool/OMNIbus Transport Module Common Integration...
lastore-daemon D-Bus Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in lastore-daemon D-Bus. An attacker can exploit the vulnerability to perform an elevation of privilege and gain administrator user access...
DEBIAN-CVE-2017-18248
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification...
UBUNTU-CVE-2017-18248
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification...