Lucene search
K

119 matches found

FreeBSD
FreeBSD
added 2021/06/03 12:0 a.m.64 views

polkit -- local privilege escalation using polkit_system_bus_name_get_creds_sync

Cedric Buissart reports: The function polkitsystembusnamegetcredssync is used to get the uid and pid of the process requesting the action. It does this by sending the unique bus name of the requesting process, which is typically something like ":1.96", to dbus-daemon. These unique names are...

7.8CVSS0.7AI score0.22193EPSS
Exploits37References3
Tenable Nessus
Tenable Nessus
added 2020/08/28 12:0 a.m.18 views

EulerOS Virtualization for ARM 64 3.0.6.0 : dbus (EulerOS-SA-2020-1903)

According to the version of the dbus packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - An issue was discovered in dbus = 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file...

5.5CVSS6.6AI score0.00569EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/07/06 12:0 a.m.43 views

FreeBSD : dbus file descriptor leak (27616957-b084-11ea-937b-b42e99a1b9c3)

GitHub Security Lab reports : D-Bus has a file descriptor leak, which can lead to denial of service when the dbus-daemon runs out of file descriptors. An unprivileged local attacker can use this to attack the system dbus-daemon, leading to denial of service for all users of the machine. C Tenable...

5.5CVSS6.6AI score0.00569EPSS
Exploits1References4
Cvelist
Cvelist
added 2020/06/08 12:0 a.m.23 views

CVE-2020-12049

An issue was discovered in dbus = 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AFUNIX socket...

5.6AI score0.00569EPSS
Exploits1References10
AlpineLinux
AlpineLinux
added 2020/06/08 12:0 a.m.49 views

CVE-2020-12049

An issue was discovered in dbus = 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AFUNIX socket...

5.5CVSS5.7AI score0.00569EPSS
Exploits1
Veracode
Veracode
added 2020/04/10 1:1 a.m.21 views

Denial Of Service (DoS)

dbus is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the way the D-Bus library handled endianness conversion when receiving messages. A local user could use this flaw to send a specially-crafted message to dbus-daemon or to a service using the bus, such as...

4.6CVSS2.5AI score0.00386EPSS
Exploits0References18Affected Software1
NVD
NVD
added 2017/09/26 1:29 a.m.22 views

CVE-2014-8156

The D-Bus security policy files in /etc/dbus-1/system.d/.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged git master on 2015-01-19,...

7.8CVSS7.8AI score0.00467EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/03/31 12:0 a.m.29 views

Mandriva Linux Security Advisory : dbus (MDVSA-2015:176)

Updated dbus packages fix multiple vulnerabilities : A denial of service vulnerability in D-Bus before 1.6.20 allows a local attacker to cause a bus-activated service that is not currently running to attempt to start, and fail, denying other users access to this service Additionally, in highly...

4.4CVSS7.1AI score0.00594EPSS
Exploits1References15
ArchLinux
ArchLinux
added 2014/11/23 12:0 a.m.45 views

dbus: denial of service

The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning and does not fully prevent the attack described in the impact section below. Preventing that attack requires raising the system dbus-daemon's RLIMITNOFILE ulimit -n to a higher value...

2.1CVSS3.6AI score0.00594EPSS
Exploits1References3
OSV
OSV
added 2014/09/22 3:55 p.m.1 views

DEBIAN-CVE-2014-3639

The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service incomplete connection consumption and prevention of new connections via a large number of incomplete connections...

2.1CVSS4.4AI score0.00403EPSS
Exploits0References1
Prion
Prion
added 2014/09/22 3:55 p.m.14 views

Design/Logic Flaw

The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service incomplete connection consumption and prevention of new connections via a large number of incomplete connections...

2.1CVSS6.5AI score0.00403EPSS
Exploits0References11Affected Software3
CVE
CVE
added 2014/09/22 3:0 p.m.102 views

CVE-2014-3639

CVE-2014-3639 affects dbus-daemon in D-Bus prior to 1.6.24 and 1.8.x prior to 1.8.8. The vulnerability allows local attackers to cause a denial of service through incomplete connection handling (large number of incomplete connections). Public details in connected Nessus advisories confirm the iss...

2.1CVSS5.8AI score0.00403EPSS
Exploits0References11Affected Software1
Debian CVE
Debian CVE
added 2014/09/22 3:0 p.m.44 views

CVE-2014-3639

The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service incomplete connection consumption and prevention of new connections via a large number of incomplete connections...

2.1CVSS4AI score0.00403EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2014/09/17 12:0 a.m.27 views

CVE-2014-3639

The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service incomplete connection consumption and prevention of new connections via a large number of incomplete connections...

2.1CVSS6.7AI score0.00403EPSS
Exploits0References3
OSV
OSV
added 2014/09/17 12:0 a.m.3 views

UBUNTU-CVE-2014-3639

The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service incomplete connection consumption and prevention of new connections via a large number of incomplete connections...

2.1CVSS6.6AI score0.00403EPSS
Exploits0References4
Prion
Prion
added 2014/07/19 7:55 p.m.17 views

Design/Logic Flaw

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service disconnect via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor...

2.1CVSS6.4AI score0.00417EPSS
Exploits0References11Affected Software4
Tenable Nessus
Tenable Nessus
added 2014/07/09 12:0 a.m.36 views

Ubuntu 14.04 LTS : DBus vulnerabilities (USN-2275-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2275-1 advisory. Alban Crequy discovered that dbus-daemon incorrectly sent AccessDenied errors to the service instead of the client when enforcing permissions. A local us...

4CVSS5.6AI score0.00446EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/07/04 12:0 a.m.35 views

FreeBSD : dbus -- multiple vulnerabilities (e6a7636a-02d0-11e4-88b6-080027671656)

Simon McVittie reports : Alban Crequy at Collabora Ltd. discovered a bug in dbus-daemon's support for file descriptor passing. A malicious process could force system services or user applications to be disconnected from the D-Bus system bus by sending them a message containing a file descriptor,...

2.1CVSS5.4AI score0.00446EPSS
Exploits0References4
OSV
OSV
added 2014/07/02 12:0 a.m.8 views

UBUNTU-CVE-2014-3533

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service disconnect via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor...

2.1CVSS6.1AI score0.00417EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2014/07/02 12:0 a.m.27 views

dbus -- multiple vulnerabilities

Simon McVittie reports: Alban Crequy at Collabora Ltd. discovered a bug in dbus-daemon's support for file descriptor passing. A malicious process could force system services or user applications to be disconnected from the D-Bus system bus by sending them a message containing a file descriptor,...

2.1CVSS5.8AI score0.00446EPSS
Exploits0References1
Rows per page
Query Builder