2002 matches found
Medium: evolution-data-server
Issue Overview: The Evolution backend server exposes the D-Bus service org.gnome.evolution.dataserver.AddressBook, that can be used in order to manage contacts. A Flatpak application with access to this D-Bus service can exploit this issue in order to gain arbitrary file deletion on the host...
Amazon Linux 2023 : evolution-data-server, evolution-data-server-devel, evolution-data-server-langpacks (ALAS2023-2026-1451)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1451 advisory. The Evolution backend server exposes the D-Bus service org.gnome.evolution.dataserver.AddressBook, that can be used in order to manage contacts. A Flatpak application with access to this D-Bus service...
RockyLinux 10 : udisks2 (RLSA-2026:3476)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3476 advisory. udisks: Missing Authorization Check Allows Unprivileged Users to Back Up LUKS Headers via udisks D-Bus API CVE-2026-26104 udisks: Missing Authorization...
RLSA-2026:3476 Important: udisks2 security update
The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies. Security Fixes: udisks: Missing Authorization Check Allows Unprivileged Users to Back Up LUKS Headers via udisks D-Bus API CVE-2026-26104 udisks: Missing Authorization Che...
udisks2 security update
An update is available for udisks2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Udisks project provides a daemon, tools, and libraries to access and...
Important: Red Hat Security Advisory: udisks2 security update
An update for udisks2 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
udisks: Missing Authorization Check Allows Unprivileged Users to Restore LUKS Headers via udisks D-Bus API
A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block...
CVE-2026-26103
The CVE-2026-26103 issue affects the udisks2 daemon (block device management) where a missing authorization check on the RestoreEncryptedHeader() D-Bus API allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite LUKS encryption headers. This can permanently invalida...
Linux Distros Unpatched Vulnerability : CVE-2026-26104
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occu...
virt:ol and virt-devel:ol security and bug fix update
hivex libguestfs libguestfs-winsupport 8.8-2 - Rebase to ntfs-3g 2022.10.3 - Fixes: CVE-2022-40284 - resolves: rhbz2236373 libiscsi libnbd libtpms libvirt libvirt-dbus libvirt-python nbdkit netcf perl-Sys-Virt qemu-kvm 6.2.0-33 - CVE-2023-3354 QEMU: VNC: improper I/O watch removal in TLS handshak...
EulerOS Virtualization 2.10.0 : glib2 (EulerOS-SA-2026-1166)
According to the versions of the glib2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an...
Azure Linux 3.0 Security Update: accountsservice (CVE-2023-3297)
The version of accountsservice installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-3297 advisory. - In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerabilit...
MiracleLinux 8 : glib2-2.56.4-8.el8 (AXSA:2020-523:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-523:01 advisory. ibus: missing authorization allows local attacker to access the input bus of another user CVE-2019-14822 CVE-2019-14822 A flaw was discovered in ibus that...
MiracleLinux 8 : dbus-1.12.8-10.el8 (AXSA:2020-545:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-545:02 advisory. dbus: denial of service via file descriptor leak CVE-2020-12049 CVE-2020-12049: An issue was discovered in dbus = 1.3.0 before 1.12.18. The DBusServer in...
MiracleLinux 9 : dbus-1.12.20-7.el9 (AXSA:2023-4874:04)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4874:04 advisory. dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets CVE-2022-42010 dbus: dbus-daemon can be...
MiracleLinux 8 : keepalived-2.1.5-8.el8.ML.1 (AXSA:2022-3396:02)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3396:02 advisory. keepalived: dbus access control bypass CVE-2021-44225 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 8 : usbguard-1.0.0-8.el8.2 (AXSA:2023-4807:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4807:01 advisory. usbguard: Fix unauthorized access via D-Bus CVE-2019-25058 Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 8 : dbus-1.12.8-23.el8.1 (AXSA:2023-4786:03)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4786:03 advisory. dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets CVE-2022-42010 dbus: dbus-daemon can be...
MiracleLinux 7 : dbus-1.10.24-15.el7 (AXSA:2020-600:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-600:03 advisory. dbus: DBusServer DBUSCOOKIESHA1 authentication bypass CVE-2019-12749 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 9 : avahi-0.8-15.el9 (AXSA:2023-6723:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6723:02 advisory. avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket CVE-2021-3468 avahi: reachable assertion in...