CVE-2026-39959 Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service

Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of messages from D-Bus peers. An attacker can exhaust system resources, cause application crashes, or spoof signals by sending messages with excessive Unix file...

GHSA-XRW6-GWF8-VVR9 Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service

Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by sending messages with an excessive number of Unix file descriptors, an...

MiracleLinux 8 : dbus-1.12.8-24.el8.1 (AXSA:2023-6317:06)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6317:06 advisory. dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered CVE-2023-34969 CVEs: CVE-2023-34969 Tenable h...

MiracleLinux 8 : dbus-1.12.8-23.el8.1 (AXSA:2023-4786:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4786:03 advisory. dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets CVE-2022-42010 dbus: dbus-daemon can be...

MiracleLinux 7 : dbus-1.10.24-15.el7 (AXSA:2020-600:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-600:03 advisory. dbus: DBusServer DBUSCOOKIESHA1 authentication bypass CVE-2019-12749 Tenable has extracted the preceding description block directly from the MiracleLinux...

MiracleLinux 8 : dbus-1.12.8-10.el8 (AXSA:2020-545:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-545:02 advisory. dbus: denial of service via file descriptor leak CVE-2020-12049 CVE-2020-12049: An issue was discovered in dbus = 1.3.0 before 1.12.18. The DBusServer in...

MiracleLinux 4 : dbus-1.2.24-4.AXS4 (AXSA:2011-116:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-116:01 advisory. D-BUS is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messagin...

Unity Linux 20.1060e / 20.1070e Security Update: dde-daemon (UTSA-2025-991247)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991247 advisory. dde-daemonDBus Tenable has extracted the preceding description block directly from the Unity Linux security advisory. Note that Nessus has not tested for this issue...

TencentOS Server 3: dbus (TSSA-2022:0097)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0097 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

JLSEC-2025-18 An issue was discovered in dbus >= 1.3.0 before 1.12.18

An issue was discovered in dbus = 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AFUNIX socket...

JLSEC-2025-21 An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before ...

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format...

EUVD-2012-1283

Malware in sbrugna...

EUVD-2019-4335

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2017-8849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service. CVE-2017-8849 Note tha...

NewStart CGSL MAIN 6.02 : dbus Vulnerability (NS-SA-2024-0062)

The remote NewStart CGSL host, running version MAIN 6.02, has dbus packages installed that are affected by a vulnerability: - An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection dbus-monitor, busctl monitor, gdbus monitor, or similar is...

RHEL 7 : dbus (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - dbus: denial of service when forwarding invalid file descriptors CVE-2014-3533 - The dbus-daemon in D-Bus...

USN-6372-1 dbus vulnerability

It was discovered that DBus incorrectly handled certain invalid messages. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service...

Oracle Linux 8 : dbus (ELSA-2019-3707)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3707 advisory. 1.12.8-9.0.1 - fix netlink poll: error 4 Zhenzhong Duan 1:1.12.8-9 - Ensure that patches are applied 1725570 1:1.12.8-8 - Fix CVE-2019-12749 1725570 Tenable has...

Rocky Linux 9 : dbus (RLSA-2023:4569)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4569 advisory. - D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the...