Lucene search
K
FreedesktopDbus

24 matches found

CVE
CVE
added 2019/06/11 4:11 p.m.467 views

CVE-2019-12749

dbus vulnerability CVE-2019-12749 arises from symlink mishandling in the DBUS_COOKIE_SHA1 authentication path. A local attacker with write access to their home directory could abuse a ~/.dbus-keyrings symlink to coax a DBusServer of a different uid to read/write in unintended locations, enabling ...

7.1CVSS6.3AI score0.00555EPSS
CVE
CVE
added 2020/06/08 12:0 a.m.428 views

CVE-2020-12049

The CVE-2020-12049 issue affects dbus (libdbus/ dbus-daemon) where the DBusServer leaks file descriptors when a message exceeds the per-message limit, enabling a local attacker with access to the D-Bus system bus to exhaust fds and cause DoS. Affected versions are dbus >= 1.3.0 and

5.5CVSS5.4AI score0.00569EPSS
CVE
CVE
added 2021/02/15 4:8 p.m.315 views

CVE-2020-35512

CVE-2020-35512 is a use-after-free in D-Bus (multiple branches) that can crash or cause undefined behavior when usernames share a UID. IBM advisories reference this CVE across Cloud Pak for Business Automation, noting fixes via iFixes or upgrades (e.g., 24.0.1-IF004, 24.0.0-IF005, or 25.0.0-IF001...

7.8CVSS7.5AI score0.00331EPSS
CVE
CVE
added 2022/10/09 12:0 a.m.314 views

CVE-2022-42010

The CVE-2022-42010 issue affects D-Bus and can crash dbus-daemon and other libdbus-using programs when handling certain invalid type signatures. Affected series include D-Bus releases prior to 1.12.24, 1.13.x and 1.14.x prior to 1.14.4, and 1.15.x prior to 1.15.2. The problem is triggered by auth...

6.5CVSS6.6AI score0.00831EPSS
CVE
CVE
added 2022/10/09 12:0 a.m.308 views

CVE-2022-42012

CVE-2022-42012 affects D-Bus and libdbus prior to updates that fix the crash: an authenticated attacker can crash dbus-daemon and berkeley programs using libdbus by sending a message with attached file descriptors in an unexpected format. This issue impacts D-Bus versions before 1.14.4 and 1.15.x...

6.5CVSS6.6AI score0.0131EPSS
CVE
CVE
added 2022/10/09 12:0 a.m.300 views

CVE-2022-42011

Summary: CVE-2022-42011 affects D-Bus before 1.12.24, 1.13.x, 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can crash dbus-daemon and other libdbus-using programs by processing a message where the array length is inconsistent with the element type. The issue is categor...

6.5CVSS6.6AI score0.0131EPSS
CVE
CVE
added 2023/06/08 12:0 a.m.174 views

CVE-2023-34969

CVE-2023-34969 affects the dbus package. D-Bus before 1.15.6 may allow an unprivileged user to crash dbus-daemon when a privileged user uses org.freedesktop.DBus.Monitoring to observe traffic; on the system bus this yields a denial-of-service. Affected versions are before 1.15.6; fixed in 1.12.28...

6.5CVSS6.5AI score0.01417EPSS
CVE
CVE
added 2014/10/25 8:0 p.m.127 views

CVE-2014-3636

CVE-2014-3636 affects D-Bus 1.3.0–1.6.x before 1.6.24 and 1.8.x before 1.8.8. Local attackers can cause a denial of service by (1) queuing the maximum number of file descriptors to prevent new connections and drop existing ones, or (2) triggering a disconnect via multiple messages that exceed the...

1.9CVSS6AI score0.00528EPSS
CVE
CVE
added 2014/11/18 3:0 p.m.116 views

CVE-2014-7824

CVE-2014-7824 affects D-Bus: vulnerable versions are D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2. The issue allows local users to cause a denial of service by queuing the maximum number of file descriptors, due to an incomplete fix for CVE-2014-3636. Affec...

2.1CVSS7.9AI score0.00594EPSS
CVE
CVE
added 2015/02/13 3:0 p.m.116 views

CVE-2015-0245

CVE-2015-0245 affects D-Bus where ActivationFailure signals could be forged by non-root processes due to improper validation of the signal source, enabling a local Denial of Service. The issue spans D-Bus 1.4.x–1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10. Reports in connecte...

1.9CVSS7.8AI score0.00273EPSS
CVE
CVE
added 2014/07/01 5:0 p.m.114 views

CVE-2014-3477

CVE-2014-3477 affects the D-Bus dbus-daemon. Local attackers can trigger a DoS (initialization failure/exit) or potentially a side‑channel attack by sending a D-Bus message to an inactive service. Affected are D-Bus/dbus-daemon versions: 1.2.x–1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4. M...

4CVSS6.2AI score0.00444EPSS
CVE
CVE
added 2008/02/29 7:0 p.m.113 views

CVE-2008-0595

CVE-2008-0595 affects dbus-daemon in D-Bus prior to 1.0.3 and in 1.1.x prior to 1.1.20, where send_interface attributes in security policy are recognized only for fully qualified method calls. This allows a local user to bypass intended access restrictions by making a method call with a NULL inte...

4.6CVSS5.2AI score0.00408EPSS
CVE
CVE
added 2014/09/22 3:0 p.m.105 views

CVE-2014-3638

CVE-2014-3638 affects D-Bus: the bus_connections_check_reply function in config-parser.c allows a local user to cause a denial of service (CPU usage) by issuing a large number of method calls. Affected are D-Bus versions older than 1.6.24 and older than 1.8.8 in the 1.8.x line. Impact is limited ...

2.1CVSS5.8AI score0.00388EPSS
CVE
CVE
added 2014/07/19 7:0 p.m.102 views

CVE-2014-3533

CVE-2014-3533 affects the D-Bus project (dbus) components where dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allow local users to cause a denial of service by sending a crafted sequence that leads the dbus-daemon to forward a message containing an invalid file descriptor. The impact is a local...

2.1CVSS5.8AI score0.00417EPSS
CVE
CVE
added 2014/09/22 3:0 p.m.102 views

CVE-2014-3639

CVE-2014-3639 affects dbus-daemon in D-Bus prior to 1.6.24 and 1.8.x prior to 1.8.8. The vulnerability allows local attackers to cause a denial of service through incomplete connection handling (large number of incomplete connections). Public details in connected Nessus advisories confirm the iss...

2.1CVSS5.8AI score0.00403EPSS
CVE
CVE
added 2008/10/07 7:0 p.m.101 views

CVE-2008-3834

Summary (CVE-2008-3834) In D-Bus libdbus prior to 1.2.4, the function dbus_signature_validate may trigger a failed assertion on a malformed signature, leading to a Denial of Service (application abort). Public advisories confirm the issue and reference a fix in version 1.2.4 or newer; multiple ve...

2.1CVSS5.2AI score0.04623EPSS
Web
CVE
CVE
added 2014/07/19 7:0 p.m.96 views

CVE-2014-3532

dbus CVE-2014-3532 affects dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 when run on Linux 2.6.37-rc4 or later. The flaw lets local attackers cause a denial of service by sending a message containing a file descriptor and then exceeding the maximum recursion depth before the initial message is ...

2.1CVSS5.9AI score0.00446EPSS
CVE
CVE
added 2014/09/22 3:0 p.m.93 views

CVE-2014-3635

CVE-2014-3635 is an off-by-one vulnerability in D-Bus affecting 64-bit systems when max_message_unix_fds is odd, allowing local users to crash dbus-daemon or potentially execute code by sending one more file descriptor than the limit. It affects D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x b...

4.4CVSS7.7AI score0.00486EPSS
CVE
CVE
added 2011/06/22 10:0 p.m.88 views

CVE-2011-2200

CVE-2011-2200 affects D-Bus releases prior to: 1.2.28 (1.2.x), 1.4.12 (1.4.x), and 1.5.4 (1.5.x). The vulnerability lies in the _dbus_header_byteswap function in dbus-marshal-header.c, which mishandles a non-native byte order, enabling local users to cause denial of service (connection loss), dis...

4.6CVSS6AI score0.00386EPSS
CVE
CVE
added 2013/07/03 6:0 p.m.84 views

CVE-2013-2168

CVE-2013-2168 affects D-Bus (DBus) where the _dbus_printf_string_upper_bound function in dbus-sysdeps-unix.c can crash the service. A crafted message can cause a local denial of service (service crash). The advisory covers DBus 1.4.x < 1.4.26, 1.6.x < 1.6.12, and 1.7.x

1.9CVSS5.8AI score0.00383EPSS
CVE
CVE
added 2014/09/22 3:0 p.m.84 views

CVE-2014-3637

CVE-2014-3637 affects D-Bus: versions 1.3.0–1.6.x before 1.6.24 and 1.8.x before 1.8.8 do not properly close connections for terminated processes, enabling local users to cause a denial of service via a D-Bus connection file descriptor. Publicly referenced documents (Nessus/OpenVAS plugins for va...

2.1CVSS5.9AI score0.00447EPSS
CVE
CVE
added 2009/04/27 5:43 p.m.83 views

CVE-2009-1189

The vulnerability CVE-2009-1189 affects the D-Bus library (libdbus) in versions before 1.2.14, due to incorrect logic in _dbus_validate_signature_with_reason (dbus-marshal-validate.c). This flaw allows remote attackers to spoof a signature via a crafted key. The issue stems from an incomplete fix...

3.6CVSS7.2AI score0.01332EPSS
CVE
CVE
added 2008/12/10 12:0 a.m.78 views

CVE-2008-4311

The CVE-2008-4311 issue affects D‑Bus (dbus) before 1.2.6 where the default system.conf rule set omits the send_type attribute. This can allow local users to bypass access controls by manipulating send_requested_reply (and potentially receive_requested_reply), enabling unauthorized message sendin...

4.6CVSS7.4AI score0.00409EPSS
CVE
CVE
added 2011/06/22 11:0 p.m.63 views

CVE-2011-2533

CVE-2011-2533 concerns D-Bus (DBus) 1.2.x prior to 1.2.28. The vulnerability arises in the configure script, enabling local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. The issue is a local privilege/overwrite risk, with the documented impact of arbitra...

3.3CVSS6.2AI score0.00286EPSS