Dbus@1.6.16 Security Vulnerabilities and Issues — Dbus@1.6.16 CVE List

Lucene search

FreedesktopDbus1.6.16

9 matches found

CVE•added 2015/02/13 3:59 p.m.•94 views

CVE-2015-0245

D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFa...

1.9CVSS7.8AI score0.00044EPSS

CVE•added 2014/11/18 3:59 p.m.•92 views

CVE-2014-7824

D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix fo...

2.1CVSS7.9AI score0.00097EPSS

CVE•added 2014/09/22 3:55 p.m.•91 views

CVE-2014-3638

The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.

2.1CVSS5.8AI score0.00101EPSS

CVE•added 2014/07/01 5:55 p.m.•88 views

CVE-2014-3477

The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit)...

4CVSS6.2AI score0.00085EPSS

CVE•added 2014/09/22 3:55 p.m.•82 views

CVE-2014-3639

The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.

2.1CVSS5.8AI score0.00092EPSS

CVE•added 2014/07/19 7:55 p.m.•81 views

CVE-2014-3533

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.

2.1CVSS5.8AI score0.00081EPSS

CVE•added 2014/09/22 3:55 p.m.•78 views

CVE-2014-3635

Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more ...

4.4CVSS7.7AI score0.00173EPSS

CVE•added 2014/09/22 3:55 p.m.•71 views

CVE-2014-3637

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.

2.1CVSS5.9AI score0.00067EPSS

CVE•added 2013/07/03 6:55 p.m.•65 views

CVE-2013-2168

The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.

1.9CVSS5.8AI score0.00093EPSS