158 matches found
MiracleLinux 4 : dbus-1.2.24-7.AXS4 (AXSA:2012-954:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-954:01 advisory. D-BUS is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messagin...
MiracleLinux 3 : dbus-1.0.0-7AXS3.1 (AXSA:2009-08:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-08:01 advisory. D-BUS is a system for sending messages between applications. It is used both for the systemwide message bus service, and as a per-user-login-session messaging...
CVE-2025-68276
A flaw was found in Avahi, a system that facilitates service discovery on a local network. An unprivileged local user can exploit this vulnerability by creating record browsers with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus. This can lead to a Denial of Service (DoS) by crashing the avahi-daemo...
AZL-74271 CVE-2025-68276 affecting package avahi for versions less than 0.8-5
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, unprivileged local users can crash avahi-daemon with wide-area disabled by creating record browsers with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus. This can ...
CVE-2025-68276
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, unprivileged local users can crash avahi-daemon with wide-area disabled by creating record browsers with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus. This can ...
CVE-2025-68276 Avahi has a reachable assertion in avahi_wide_area_scan_cache
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, unprivileged local users can crash avahi-daemon with wide-area disabled by creating record browsers with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus. This can ...
CVE-2025-68276
CVE-2025-68276 affects Avahi (mDNS/DNS-SD service discovery). The issue allows an unprivileged local user to crash the avahi-daemon (with wide-area disabled) by creating record browsers that set the AVAHI_LOOKUP_USE_WIDE_AREA flag via D‑Bus, either through RecordBrowserNew or browsers that create...
CVE-2025-68276
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, unprivileged local users can crash avahi-daemon with wide-area disabled by creating record browsers with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus. This can ...
CVE-2022-31066
EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Prior to version 2.1.1, the /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to...
UBUNTU-CVE-2025-59529
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although CLIENTS_MAX ...
CLSA-2025-1762179202 glib2: Fix of CVE-2024-34397
CVE-2024-34397: fix GDBus signal subscriptions from unicast spoofing...
Ilevia EVE X1 Server 4.7.18.0.eden (mbus) Unauthenticated Remote Command Injection
Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...
EUVD-2021-2612
Malware in sbrugna...
EUVD-2023-39008
Malicious code in bioql PyPI...
EUVD-2022-6047
Malicious code in bioql PyPI...
glib2: Signal subscription vulnerabilities
A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the...
UBUNTU-CVE-2025-8067
A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor...
Discourse 3.1.1 Unauthenticated Chat Message Access
Proof of concept exploit for Discourse version 3.1.1 that provides unauthenticated chat message access. !/usr/bin/env ruby Title : Discourse 3.1.1 - Unauthenticated Chat Message Access CVE-2023-45131 CVSS: 7.5 High Affected: Discourse 3.1.1 stable, 3.2.0.beta2 Author ibrahimsql @...
CVE-2021-43840
message_bus is a messaging bus for Ruby processes and web clients. In versions prior to 3.3.7 users who deployed message bus with diagnostics features enabled (default off) are vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user...
SUSE CVE-2025-3931
A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks,...