
158 matches found

CNNVD
added 2022/05/17 12:0 a.m. · 38 views

Canonical Apport Security Vulnerability

Canonical Apport is a toolkit from Canonical UK that is used to collect and provide feedback on error messages information that the operating system finds useful when an application crashes. A security vulnerability exists in Canonical Apport that stems from not limiting the number of log entries...

CVSS 5.5 · AI score 5.7 · EPSS 0.00252
Exploits: 0 · References: 6

RedHat Linux
added 2022/05/10 2:13 p.m. · 5 views

keepalived: dbus access control bypass

A flaw was found in keepalived, where an improper authentication vulnerability allows an unprivileged user to change properties that could lead to an access-control bypass...

CVSS 5.5 · AI score 5.7 · EPSS 0.01159
Exploits: 0 · References: 4

Positive Technologies
added 2022/04/11 12:0 a.m. · 4 views

PT-2022-6752 · Avahi +9

Name of the Vulnerable Software and Affected Versions: avahi (affected versions not specified). Description: A flaw in the avahi library allows an unprivileged user to make a dbus call, causing the avahi daemon to crash. This issue is related to an uncontrolled resource consumption, which can be...

CVSS 6.2 · AI score 6.7 · EPSS 0.0045
Exploits: 2 · References: 85

OSV
added 2022/01/20 7:51 p.m. · 3 views

USN-5244-1 dbus vulnerability

Daniel Onaca discovered that DBus contained a use-after-free vulnerability, caused by the incorrect handling of usernames sharing the same UID. An attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service...

CVSS 7.8 · AI score 7.1 · EPSS 0.00331
Exploits: 0 · References: 2

CNVD
added 2022/01/06 12:0 a.m. · 30 views

Discourse Input Validation Error Vulnerability (CNVD-2022-05507)

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. Discourse is vulnerable to an input validation error that could be exploited to trigger a denial of service attack via the /message-bus/diagnostics path...

CVSS 6.8 · AI score 3.8 · EPSS 0.00828
Exploits: 1 · References: 1

NVD
added 2022/01/04 8:15 p.m. · 29 views

CVE-2021-43850

Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the /message-bus/diagnostics path. The impact of this vulnerability is greater on multisite Discourse instances where multiple forums are served from a singl...

CVSS 6.8 · EPSS 0.00828
Exploits: 1 · References: 2

OSV
added 2022/01/04 8:15 p.m. · 30 views

CVE-2021-43850

Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the /message-bus/diagnostics path. The impact of this vulnerability is greater on multisite Discourse instances where multiple forums are served from a singl...

CVSS 6.8 · AI score 6.7
Exploits: 0 · References: 2

CVE
added 2022/01/04 7:35 p.m. · 68 views

CVE-2021-43850

Discourse CVE-2021-43850 affects Discourse (open source forum platform). The vulnerability allows an admin to trigger a Denial of Service by visiting the /message-bus/_diagnostics path, with greater impact on multisite deployments. A patch is available: upgrade to Discourse 2.8.0.beta10 or 2.7.12...

CVSS 6.8 · AI score 6.5 · EPSS 0.00828
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2022/01/04 7:35 p.m. · 34 views

CVE-2021-43850 Denial of Service in discourse

Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the /message-bus/diagnostics path. The impact of this vulnerability is greater on multisite Discourse instances where multiple forums are served from a singl...

CVSS 6.8 · AI score 6.7 · EPSS 0.00828
Exploits: 1 · References: 2

CNNVD
added 2022/01/04 12:0 a.m. · 2 views

Discourse Input Validation Error Vulnerability

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. Discourse is vulnerable to an input validation error that could be exploited to trigger a denial of service attack via the /message-bus/diagnostics path...

CVSS 6.8 · AI score 5.6 · EPSS 0.00828
Exploits: 1 · References: 3

NVD
added 2021/12/17 7:15 p.m. · 20 views

CVE-2021-43840

messagebus is a messaging bus for Ruby processes and web clients. In versions prior to 3.3.7 users who deployed message bus with diagnostics features enabled (default off) are vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user...

CVSS 6.5 · EPSS 0.01869
Exploits: 0 · References: 2

CNNVD
added 2021/11/25 12:0 a.m. · 2 views

Keepalived Security Vulnerability

Keepalived is a set of routing software written in C by the Keepalived organization. The software is primarily used for load balancing and fault detection, among other things. Keepalived 2.2.4 suffers from a security vulnerability that stems from a D-Bus policy that does not sufficiently restrict...

CVSS 5.5 · AI score 6.2 · EPSS 0.01159
Exploits: 0 · References: 12

OSV
added 2021/07/08 2:15 p.m. · 3 views

CVE-2021-25433

Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform factory reset using dbus signal...

CVSS 5.5 · AI score 6.1 · EPSS 0.00223
Exploits: 0 · References: 1

RedHat Linux
added 2021/07/06 11:31 a.m. · 3 views

polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync()

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this...

CVSS 7.8 · AI score 7.2 · EPSS 0.22193
Exploits: 37 · References: 6

RedHat Linux
added 2021/06/22 2:57 p.m. · 1 view

polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync()

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this...

CVSS 7.8 · AI score 7.2 · EPSS 0.22193
Exploits: 37 · References: 6

OSV
added 2021/06/22 11:2 a.m. · 3 views

OESA-2021-1230 polkit security update

polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. Security Fixes: A flaw was found in polkit. When a requesting process disconnects from dbus-daemon just before the call to polkit_system_bus_name_get_creds_sync...

CVSS 7.8 · AI score 6.7 · EPSS 0.22193
Exploits: 37 · References: 2

RedHat Linux
added 2021/06/03 11:15 a.m. · 1 view

polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync()

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this...

CVSS 7.8 · AI score 7.2 · EPSS 0.22193
Exploits: 37 · References: 6

RedHat Linux
added 2021/06/03 10:11 a.m. · 1 view

polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync()

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this...

CVSS 7.8 · AI score 7.2 · EPSS 0.22193
Exploits: 37 · References: 6

Gentoo Linux
added 2020/12/23 12:0 a.m. · 21 views

D-Bus: Denial of service

Background: D-Bus is a message bus system which processes can use to talk to each other. Description: It was discovered that D-Bus did not properly handle the situation when two usernames have the same numeric UID. Impact: An attacker could possibly cause a Denial of Service condition or trigger oth...

AI score 2.7
Exploits: 0

CNVD
added 2020/10/28 12:0 a.m. · 5 views

Blueman Injection Vulnerability

Blueman is a graphical Bluetooth management tool for the GNOME desktop environment from the Blueman team. The main functions are: sending files, browsing files on the device, viewing information about local or remote devices, configuring local devices, managing bindings, binding services, etc...

CVSS 7.1 · AI score 7 · EPSS 0.04539
Exploits: 4 · References: 1