Lucene search
K

2002 matches found

OSV
OSV
added 2026/07/03 7:24 p.m.2 views

SUSE-SU-2026:2755-1 Security update for xdg-dbus-proxy

This update for xdg-dbus-proxy fixes the following issue: - CVE-2026-34080: failure in the policy parser can lead to information disclosure bsc1261737...

6.8CVSS5.9AI score0.00175EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-58015

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GLib. The D-Bus client-side implementation of the DBUSCOOKIESHA1 SASL authentication mechanism does not validate the cookiecontext parameter...

7.5CVSS6AI score0.00418EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/30 1:2 p.m.7 views

EUVD-2026-40318

A flaw was found in GLib. The D-Bus client-side implementation of the DBUSCOOKIESHA1 SASL authentication mechanism does not validate the cookiecontext parameter received from the server. A malicious D-Bus server can supply a cookiecontext containing path traversal sequences, causing the client to...

5.9CVSS5.9AI score0.00418EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/30 1:2 p.m.7 views

EUVD-2026-40319

A flaw was found in GLib. A state confusion issue exists in gdbusnodeinfonewforxml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...

7.5CVSS5.8AI score0.00373EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/30 1:2 p.m.9 views

CVE-2026-58016 Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"

A flaw was found in GLib. A state confusion issue exists in gdbusnodeinfonewforxml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...

7.5CVSS5.8AI score0.00373EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/30 1:2 p.m.6 views

CVE-2026-58016

A flaw was found in GLib. A state confusion issue exists in gdbusnodeinfonewforxml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...

7.5CVSS5.8AI score0.00373EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/06/30 1:2 p.m.47 views

CVE-2026-58015 Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive

A flaw was found in GLib. The D-Bus client-side implementation of the DBUSCOOKIESHA1 SASL authentication mechanism does not validate the cookiecontext parameter received from the server. A malicious D-Bus server can supply a cookiecontext containing path traversal sequences, causing the client to...

5.9CVSS0.00418EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/30 1:2 p.m.45 views

CVE-2026-58016 Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"

A flaw was found in GLib. A state confusion issue exists in gdbusnodeinfonewforxml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...

7.5CVSS0.00373EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/06/30 1:2 p.m.5 views

CVE-2026-58015

A flaw was found in GLib. The D-Bus client-side implementation of the DBUSCOOKIESHA1 SASL authentication mechanism does not validate the cookiecontext parameter received from the server. A malicious D-Bus server can supply a cookiecontext containing path traversal sequences, causing the client to...

7.5CVSS5.9AI score0.00418EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/06/30 1:2 p.m.5 views

CVE-2026-58016

A flaw was found in GLib. A state confusion issue exists in gdbusnodeinfonewforxml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...

9.1CVSS5.8AI score0.00373EPSS
Exploits1References3
CVE
CVE
added 2026/06/30 1:2 p.m.22 views

CVE-2026-58015

CVE-2026-58015 affects GLib’s D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL mechanism. The cookie_context parameter received from the server is not validated, allowing a malicious D-Bus server to supply a cookie_context with path traversal sequences. This can enable reading an arb...

7.5CVSS5.9AI score0.00418EPSS
Exploits1References3Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53874

Name of the Vulnerable Software and Affected Versions GLib affected versions not specified Description A flaw exists in the D-Bus client-side implementation of the DBUS COOKIE SHA1 SASL authentication mechanism. The system fails to validate the cookie context parameter received from the server. A...

7.5CVSS6.1AI score0.00418EPSS
Exploits1References8
NVD
NVD
added 2026/06/22 4:16 p.m.8 views

CVE-2026-41049

Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them...

8.4CVSS0.00134EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 3:32 p.m.8 views

EUVD-2026-38275

Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them...

8.4CVSS5.9AI score0.00134EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 3:32 p.m.17 views

CVE-2026-41049

CVE-2026-41049 affects the qSnapper dbus service prior to version 1.3.3. The underlying issue is incorrect caching of authentication between different users, allowing a local attacker to invoke dbus functions after a privileged user has authenticated for them. Documented impact: high confidential...

8.4CVSS5.9AI score0.00134EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51336

Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description The qSnapper dbus service incorrectly caches authentication between different users. This allows a local attacker to utilize dbus functions after a privileged user has already performed authenticati...

8.4CVSS5.8AI score0.00134EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.8 views

SUSE SLED15 / SLES15 Security Update : avahi (SUSE-SU-2026:2297-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2297-1 advisory. This update for avahi fixes the following issue: - CVE-2026-34933: Prior to version 0.9-rc4, any unprivileged local use...

5.5CVSS5.3AI score0.00203EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.7 views

openSUSE 16 Security Update : xdg-dbus-proxy (openSUSE-SU-2026:20934-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20934-1 advisory. This update for xdg-dbus-proxy fixes the following issue: - CVE-2026-34080: failure in the policy parser can lead to information disclosure bsc1261737...

6.8CVSS5.4AI score0.00175EPSS
Exploits0References3
NVD
NVD
added 2026/06/13 3:16 a.m.25 views

CVE-2026-54228

A time-of-check time-of-use TOCTOU race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can call SetElement to write arbitrary text files into the root-owned dump directory, bypassing package...

7.8CVSS0.00103EPSS
Exploits0References3
NVD
NVD
added 2026/06/13 3:16 a.m.19 views

CVE-2026-54229

A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DDOPENREADONLY and calls ddchown to change ownership of all files to the caller's uid, succeeding even while post-create event handlers hold a write lock. This allows ...

7CVSS0.00091EPSS
Exploits0References3
Rows per page
Query Builder