2002 matches found
SUSE-SU-2026:2755-1 Security update for xdg-dbus-proxy
This update for xdg-dbus-proxy fixes the following issue: - CVE-2026-34080: failure in the policy parser can lead to information disclosure bsc1261737...
Linux Distros Unpatched Vulnerability : CVE-2026-58015
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GLib. The D-Bus client-side implementation of the DBUSCOOKIESHA1 SASL authentication mechanism does not validate the cookiecontext parameter...
EUVD-2026-40318
A flaw was found in GLib. The D-Bus client-side implementation of the DBUSCOOKIESHA1 SASL authentication mechanism does not validate the cookiecontext parameter received from the server. A malicious D-Bus server can supply a cookiecontext containing path traversal sequences, causing the client to...
EUVD-2026-40319
A flaw was found in GLib. A state confusion issue exists in gdbusnodeinfonewforxml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...
CVE-2026-58016 Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"
A flaw was found in GLib. A state confusion issue exists in gdbusnodeinfonewforxml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...
CVE-2026-58016
A flaw was found in GLib. A state confusion issue exists in gdbusnodeinfonewforxml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...
CVE-2026-58015 Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive
A flaw was found in GLib. The D-Bus client-side implementation of the DBUSCOOKIESHA1 SASL authentication mechanism does not validate the cookiecontext parameter received from the server. A malicious D-Bus server can supply a cookiecontext containing path traversal sequences, causing the client to...
CVE-2026-58016 Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"
A flaw was found in GLib. A state confusion issue exists in gdbusnodeinfonewforxml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...
CVE-2026-58015
A flaw was found in GLib. The D-Bus client-side implementation of the DBUSCOOKIESHA1 SASL authentication mechanism does not validate the cookiecontext parameter received from the server. A malicious D-Bus server can supply a cookiecontext containing path traversal sequences, causing the client to...
CVE-2026-58016
A flaw was found in GLib. A state confusion issue exists in gdbusnodeinfonewforxml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...
CVE-2026-58015
CVE-2026-58015 affects GLib’s D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL mechanism. The cookie_context parameter received from the server is not validated, allowing a malicious D-Bus server to supply a cookie_context with path traversal sequences. This can enable reading an arb...
PT-2026-53874
Name of the Vulnerable Software and Affected Versions GLib affected versions not specified Description A flaw exists in the D-Bus client-side implementation of the DBUS COOKIE SHA1 SASL authentication mechanism. The system fails to validate the cookie context parameter received from the server. A...
CVE-2026-41049
Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them...
EUVD-2026-38275
Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them...
CVE-2026-41049
CVE-2026-41049 affects the qSnapper dbus service prior to version 1.3.3. The underlying issue is incorrect caching of authentication between different users, allowing a local attacker to invoke dbus functions after a privileged user has authenticated for them. Documented impact: high confidential...
PT-2026-51336
Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description The qSnapper dbus service incorrectly caches authentication between different users. This allows a local attacker to utilize dbus functions after a privileged user has already performed authenticati...
SUSE SLED15 / SLES15 Security Update : avahi (SUSE-SU-2026:2297-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2297-1 advisory. This update for avahi fixes the following issue: - CVE-2026-34933: Prior to version 0.9-rc4, any unprivileged local use...
openSUSE 16 Security Update : xdg-dbus-proxy (openSUSE-SU-2026:20934-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20934-1 advisory. This update for xdg-dbus-proxy fixes the following issue: - CVE-2026-34080: failure in the policy parser can lead to information disclosure bsc1261737...
CVE-2026-54228
A time-of-check time-of-use TOCTOU race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can call SetElement to write arbitrary text files into the root-owned dump directory, bypassing package...
CVE-2026-54229
A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DDOPENREADONLY and calls ddchown to change ownership of all files to the caller's uid, succeeding even while post-create event handlers hold a write lock. This allows ...