MiracleLinux 8 : ibus-1.5.19-11.el8 (AXSA:2020-640:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-640:02 advisory. ibus: missing authorization allows local attacker to access the input bus of another user CVE-2019-14822 CVE-2019-14822 A flaw was discovered in ibus that...

EUVD-2024-27691

Malicious code in bioql PyPI...

[SECURITY] Fedora 42 Update: rust-busd-0.3.1-4.fc42

A D-Bus bus broker implementation...

CVE-2024-2746

Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit...

CVE-2024-2746

Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit...

CVE-2024-2746 Incomplete fix for CVE-2024-1929

Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit...

D-Bus: Multiple Vulnerabilities

Background D-Bus is a daemon providing a framework for applications to communicate with one another. Description Multiple vulnerabilities have been discovered in D-Bus. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

SUSE CVE-2010-4352

Stack consumption vulnerability in D-Bus aka DBus before 1.4.1 allows local users to cause a denial of service daemon crash via a message containing many nested variants...

SUSE CVE-2014-7824

D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service prevention of new connections and connection drop by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix fo...

SUSE CVE-2022-42010

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures...

OESA-2021-1230 polkit security update

polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. Security Fixes: A flaw was found in polkit. When a requesting process disconnects from dbus-daemon just before the call to polkitsystembusnamegetcredssync...

DEBIAN-CVE-2020-12049

An issue was discovered in dbus = 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AFUNIX socket...

Unspecified Vulnerability in D-BUS

D-BUS is a message bus system, which is mainly used for inter-process communication and remote process calls, etc. A security vulnerability exists in D-BUS that can be exploited by a local attacker to attack the system DBus daemon, resulting in a denial of service...

ibus defect vulnerability

ibus is an input framework for Linux/Unix platforms. A security vulnerability exists in ibus, which stems from a failure to configure the Dbus server settings correctly. A local attacker could use this vulnerability to intercept all keystrokes of an affected user, modify the input method engine, ...

Debian DSA-3099-1 : dbus - security update

Simon McVittie discovered that the fix for CVE-2014-3636 was incorrect, as it did not fully address the underlying denial-of-service vector. This update starts the D-Bus daemon as root initially, so that it can properly raise its file descriptor count. In addition, this update reverts the...

Debian Security Advisory DSA 3099-1 (dbus - security update)

Simon McVittie discovered that the fix for CVE-2014-3636 was incorrect, as it did not fully address the underlying denial-of-service vector. This update starts the D-Bus daemon as root initially, so that it can properly raise its file descriptor count. In addition, this update reverts the...

USN-2352-1 dbus vulnerabilities

Simon McVittie discovered that DBus incorrectly handled the file descriptors message limit. A local attacker could use this issue to cause DBus to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS...

DEBIAN-CVE-2014-3477

The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service initialization failure and exit...

D-Bus Daemon < 1.2.4 - (libdbus) Denial of Service Exploit

No description provided by source. / cve-2008-3834.c D-Bus Daemon Denial of Service 1.2.4 Jon Oberheide [email protected] http://jon.oberheide.org Usage: $ gcc pkg-config dbus-1 --cflags cve-2008-3834.c pkg-config dbus-1 --libs -o cve-2008-3834 $ ./cve-2008-3834 Information:...

openSUSE Security Update : dbus-1 (openSUSE-SU-2011:0401-1)

Local users could crash the D-Bus daemon by sending a specially crafted message CVE-2010-4352. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update dbus-1-4431. The text description of this plugin ...