63 matches found
USN-8424-1: Ubuntu Kylin Software Center vulnerability
It was discovered that Ubuntu Kylin Software Center incorrectly handled user-supplied input in its D-Bus service. A local attacker could possibly use this issue to gain administrative privileges...
EUVD-2018-4519
Malware in sbrugna...
EUVD-2018-4521
Malware in sbrugna...
EUVD-2018-4522
Malware in sbrugna...
EUVD-2021-8642
Malicious code in bioql PyPI...
EUVD-2024-41582
Malicious code in bioql PyPI...
The vulnerability of the application for publishing director entries in the share_directory domain of the REDEOS operating system allows a perpetrator to elevate their privileges and execute arbitrary commands.
The vulnerability of the application for publishing director entries in the sharedirectory domain of the REDEOS operating system is related to insecure management of privileges during the execution of the D-Bus service. Exploiting this vulnerability allows an attacker to increase their privileges...
PT-2025-14: Local privilege escalation in RED OS
The vulnerability was identified in RedOS, versions MUROM 7.3.5. The discovered vulnerability of the application for publishing directories in the sharedirectory domain is related to the lack of verification of the user privilege accessing the D-Bus service. Exploitation of the vulnerability may...
ROS-20250513-01
Vulnerability of directory publishing application in domain sharedirectory is related to the lack of verification of the of a user accessing the D-Bus service. Exploitation of the vulnerability could allow an attacker to to execute arbitrary operating system commands. Information about the...
CVE-2024-45752
logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction...
CVE-2024-45752
logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction...
CVE-2024-45752
logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction...
CVE-2024-45752
CVE-2024-45752 affects logiops (up to 0.3.4); a misconfigured or unrestricted D-Bus interface in the logid daemon permits any unprivileged user to reconfigure the daemon, enabling privilege escalation via malicious keyboard macros. The vulnerability is local (AV:L/AC:L/PR:N/UI:R) with low exploit...
CVE-2024-45752
logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction...
CVE-2024-45752
logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction...
CVE-2023-39391
Vulnerability of system file information leakage in the USB Service module. Successful exploitation of this vulnerability may affect confidentiality...
SUSE CVE-2018-12562
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards such as in an injected string:/home/../tmp/ string...
SUSE CVE-2018-12561
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as filemode= by manipulating for example the domain parameter of the samba URL...
Moderate: Red Hat Security Advisory: dbus security update
An update for dbus is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
USN-5169-1: oddjob vulnerability
Matthias Gerstner discovered that there was a race condition in the mkhomedir tool shipped with the oddjob package. An authenticated attacker could use this to setup a symlink attack and change permissions on files on the host filesystem...