59 matches found
Astra Linux - уязвимость в wpa
A issue was discovered in Ubuntu wpasupplicant, resulting in the loading of arbitrary shared objects. This allows a local unprivileged attacker to escalate privileges to the user that wpasupplicant runs as usually root. Membership in the netdev group or access to the dbus interface of wpasupplica...
[SECURITY] Fedora 43 Update: PackageKit-1.3.4-3.fc43
PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distro, cross-architecture API...
udisks2 security update
An update is available for udisks2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Udisks project provides a daemon, tools, and libraries to access and...
RLSA-2026:3476 Important: udisks2 security update
The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies. Security Fixes: udisks: Missing Authorization Check Allows Unprivileged Users to Back Up LUKS Headers via udisks D-Bus API CVE-2026-26104 udisks: Missing Authorization Che...
Linux Distros Unpatched Vulnerability : CVE-2026-26104
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occu...
CVE-2025-66005 Lack of Authentication in the InputManager D-Bus interface
Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0 can lead to local Denial-of-Service, information leak or even privilege escalation in the context of the currently active user session...
Linux Distros Unpatched Vulnerability : CVE-2025-68276
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users...
EUVD-2020-8094
Malware in sbrugna...
EUVD-2017-11810
Malware in sbrugna...
Unity Linux 20.1070e Security Update: bluez (UTSA-2025-680645)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680645 advisory. An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call. Tenable...
udisks: Out-of-bounds read in UDisks Daemon
A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor...
udisks: Out-of-bounds read in UDisks Daemon
A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor...
CVE-2025-8067 Udisks: out-of-bounds read in udisks daemon
A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor...
libudisks -- Udisks: out-of-bounds read in udisks daemon
[email protected] reports: A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it...
PT-2025-35093
Name of the Vulnerable Software and Affected Versions Udisks versions prior to the fix included in SlackwareLinux security advisory. Description A flaw exists in the Udisks daemon that allows unprivileged users to create loop devices via the D-BUS system. This is due to insufficient validation of...
Linux Distros Unpatched Vulnerability : CVE-2018-19358
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, ...
tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...
tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...
AZL-53676 CVE-2024-52337 affecting package tuned for versions less than 2.15.0-5
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...
DEBIAN-CVE-2024-52337
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...