20 matches found
Astra Linux - flatpak vulnerability
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak applications that had direct access to AF_UNIX sockets—such as those used by Wayland, Pipewire, or pipewire-pulse—could trick portals and other host-...
SUSE CVE-2005-0201
D-BUS dbus before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket...
SUSE CVE-2009-4641
gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended...
OESA-2021-1404 flatpak security update
flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. Security Fixes: In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-...
SUSE-SU-2017:0292-1 Security update for dbus-1
This update for dbus-1 to version 1.8.22 fixes one security issue and bugs. The following security issue was fixed: - bsc1003898: Do not treat ActivationFailure message received from root-owned systemd name as a format string. The following upstream changes are included: - Change the default...
openSUSE Security Update : dbus-1 (openSUSE-2016-1269)
This update for dbus-1 to version 1.8.22 fixes several issues. This security issue was fixed : - boo1003898: Do not treat ActivationFailure message received from root-owned systemd name as a format string. These non-security issues were fixed : - boo978477: Correctly reset timeouts for pending fi...
SUSE-SU-2016:2565-1 Security update for dbus-1
This update for dbus-1 to version 1.8.22 fixes one security issue and bugs. The following security issue was fixed: - bsc1003898: Do not treat ActivationFailure message received from root-owned systemd name as a format string. The following upstream changes are included: - Change the default...
MGASA-2015-0405 Updated dbus packages fixes security vulnerability
Updated dbus packages provide security hardening and fix some bugs. Security hardening: On Unix platforms, change the default configuration for the session bus to only allow EXTERNAL authentication (secure kernel-mediated credentials-passing), as was already done for the system bus. This avoids...
Mandriva Update for gnome-screensaver MDVSA-2010:040 (gnome-screensaver)
Check for the Version of gnome-screensaver. OpenVAS Vulnerability Test: Mandriva Update for gnome-screensaver MDVSA-2010:040 (gnome-screensaver). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can...
DEBIAN-CVE-2009-4641
gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended...
Code injection
gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended...
DEBIAN-CVE-2009-4642
gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended...
CVE-2009-4641
gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended...
Ubuntu 4.10 : dbus vulnerability (USN-144-1)
Besides providing the global system-wide communication bus, dbus also offers per-user 'session' buses which applications in a user's session can create and use to communicate with each other. Daniel Reed discovered that the default configuration of the session dbus allowed a local user to connec...
CVE-2005-0201
D-BUS dbus before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket...
CVE-2005-0201
D-BUS dbus before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket...
CVE-2005-0201
CVE-2005-0201 affects D-BUS (dbus) before 0.22, where insufficient socket access restriction allows a local user to listen to or send arbitrary messages on another user’s per-user session bus if the socket address is known. This is a local-privilege/confidentiality issue. Connected advisories ind...
Mandrake Linux Security Advisory : dbus (MDKSA-2005:105)
Dan Reed discovered a vulnerability in the D-BUS system for sending messages between applications. He found that a user can send and listen to messages on another user's per-user session bus if they knew the address of the socket. The updated packages have been patched to correct this problem...
security flaw
D-BUS dbus before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket...
[SA14119] D-BUS Session Bus Hijack Vulnerability
TITLE: D-BUS Session Bus Hijack Vulnerability SECUNIA ADVISORY ID: SA14119 VERIFY ADVISORY: http://secunia.com/advisories/14119/ CRITICAL: Less critical IMPACT: Hijacking WHERE: Local system SOFTWARE: D-BUS 0.x http://secunia.com/product/4599/ DESCRIPTION: Daniel Reed has reported a vulnerability...