Reachable assertion in dbus_set_host_name

...

The vulnerability of the instance_create function in the monitoring and adaptive configuration of system devices allows a perpetrator to execute arbitrary code.

The vulnerability of the instancecreate function in the monitoring and adaptive configuration of system devices related to tuned systems lies in the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows an attacker to execute arbitrary code with root...

CVE-2023-1981

...

GO-2022-0491 Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users in github.com/edgexfoundry/app-functions-sdk-go

Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users in github.com/edgexfoundry/app-functions-sdk-go...

The vulnerability of the service com.webos.service.connectionmanager/tv/setVlanStaticAddress in the LG WebOS operating system allows a hacker to execute arbitrary commands on behalf of the dbus user.

The vulnerability of the service com.webos.service.connectionmanager/tv/setVlanStaticAddress in the LG WebOS operating system exists because measures to neutralize the special elements used in the operating system commands have not been taken. Exploiting this vulnerability allows a malicious acto...

avahi: avahi-daemon can be crashed via DBus

A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash...

avahi: avahi-daemon can be crashed via DBus

A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash...

AZL-31850 CVE-2023-38471 affecting package avahi for versions less than 0.8-3

A vulnerability was found in Avahi. A reachable assertion exists in the dbussethostname function...

PT-2023-29429 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.1 stable and 3.2.0.beta2 Description: Discourse is an open source platform for community discussion. The issue allows new chat messages to be read by making an unauthenticated POST request to MessageBus. There...

USN-6190-2 accountsservice vulnerability

USN-6190-1 fixed a vulnerability in AccountsService. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Kevin Backhouse discovered that AccountsService incorrectly handled certain D-Bus messages. A local attacker...

AZL-37046 CVE-2023-3899 affecting package subscription-manager 1.29.30-2

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the...

subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the...

dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered

An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection dbus-monitor, busctl monitor, gdbus monitor, or similar is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. ...

Fedora: Security Advisory for dbus (FEDORA-2023-c95d3f825f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6129-1 avahi vulnerability

It was discovered that Avahi incorrectly handled certain DBus messages. A local attacker could possibly use this issue to cause Avahi to crash, resulting in a denial of service...

Avahi 资源管理错误漏洞

Avahi is a suite of native service discovery tools for Linux. A security vulnerability exists in Avahi that stems from the avahi-daemon process potentially crashing on the DBus message bus...

OESA-2023-1240 avahi security update

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared...

UBUNTU-CVE-2023-1981

A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash...

SUSE CVE-2008-3834

The dbussignaturevalidate function in the D-bus library libdbus before 1.2.4 allows remote attackers to cause a denial of service application abort via a message containing a malformed signature, which triggers a failed assertion error...

SUSE CVE-2011-2533

The configure script in D-Bus aka DBus 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/...