Lucene search

K

5 matches found

CVE
CVE
added 2019/06/11 5:29 p.m.435 views

CVE-2019-12749

dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus...

7.1CVSS6.3AI score0.00041EPSS
CVE
CVE
added 2022/10/10 12:15 a.m.294 views

CVE-2022-42010

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.

6.5CVSS6.6AI score0.00049EPSS
CVE
CVE
added 2022/10/10 12:15 a.m.291 views

CVE-2022-42012

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.

6.5CVSS6.6AI score0.00092EPSS
CVE
CVE
added 2022/10/10 12:15 a.m.284 views

CVE-2022-42011

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.

6.5CVSS6.6AI score0.00091EPSS
CVE
CVE
added 2008/02/29 7:44 p.m.92 views

CVE-2008-0595

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

4.6CVSS5.2AI score0.00048EPSS