Vulnerabilities > Freedesktop > Dbus
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-08 | CVE-2023-34969 | D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. | 6.5 |
2022-10-10 | CVE-2022-42010 | Improper Verification of Cryptographic Signature vulnerability in multiple products An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. | 6.5 |
2022-10-10 | CVE-2022-42011 | Improper Validation of Array Index vulnerability in multiple products An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. | 6.5 |
2022-10-10 | CVE-2022-42012 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. | 6.5 |
2021-02-15 | CVE-2020-35512 | Use After Free vulnerability in Freedesktop Dbus 1.12.20 A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. | 7.8 |
2020-06-08 | CVE-2020-12049 | Improper Resource Shutdown or Release vulnerability in multiple products An issue was discovered in dbus >= 1.3.0 before 1.12.18. | 5.5 |
2019-06-11 | CVE-2019-12749 | Link Following vulnerability in multiple products dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. | 7.1 |
2011-06-22 | CVE-2011-2533 | Link Following vulnerability in Freedesktop Dbus The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. | 3.3 |
2008-12-10 | CVE-2008-4311 | Configuration vulnerability in Freedesktop Dbus The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply. | 4.6 |
2008-10-07 | CVE-2008-3834 | Improper Input Validation vulnerability in Freedesktop Dbus, Dbus1.0 and Dbus1.1.0 The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error. | 2.1 |