28 matches found
EUVD-2022-52797
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-31213
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file. CVE-2022-31213 Not...
CentOS 9 : dbus-broker-28-6.el9
The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dbus-broker-28-6.el9 build changelog. - An issue was discovered in dbus-broker before 31. It depends on c-util/c-shquote to parse the DBus service's Exec line. c-shquote contai...
CentOS 9 : dbus-broker-28-7.el9
The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the dbus-broker-28-7.el9 build changelog. - An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file...
GLSA-202305-04 : dbus-broker: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202305-04 dbus-broker: Multiple Vulnerabilities - An issue was discovered in dbus-broker before 31. It depends on c-util/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a...
Amazon Linux 2023 : dbus-broker (ALAS2023-2023-080)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-080 advisory. An issue was discovered in dbus-broker before 31. It depends on c-util/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec lin...
CVE-2023-24055
KeePass through 2.53 in a default installation allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has...
Privilege escalation
support_uri parameter in the WARP client local settings file mdm.xml lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a...
CVE-2022-4428 support_uri validation missing in WARP client for Windows
support_uri parameter in the WARP client local settings file mdm.xml lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a...
CVE-2022-4428
support_uri parameter in the WARP client local settings file mdm.xml lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a...
Oracle Linux 9 : dbus-broker (ELSA-2022-6608)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-6608 advisory. 28-5.1 - Fix a stack buffer over-read in the c-shquote library - Fix null pointer reference when supplying a malformed XML config file - Add gating.yam...
dbus-broker security update
28-5.1 - Fix a stack buffer over-read in the c-shquote library - Fix null pointer reference when supplying a malformed XML config file - Add gating.yaml Resolves: CVE-2022-31212 Resolves: CVE-2022-31213...
CVE-2022-31213
An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file...
Null pointer dereference
An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file...
CVE-2022-31213
CVE-2022-31213 affects dbus-broker prior to 31, with multiple NULL pointer dereferences when a malformed XML config is supplied. Related advisory entries also reference CVE-2022-31212 (buffer over-read on parsing the Exec line). Impact is high (availability) per CVSS, and several distributions li...
Denial Of Service (DoS)
dbus-broker is vulnerable to denial-of-service (DoS) attacks. A malicious user is able to trigger a null pointer dereference via a malformed XML config file, causing the application to crash...