CVSS: 5.5EPSS: 0%CPEs: 40EXPL: 0CVE-2014-3637 – Mandriva Linux Security Advisory 2014-214
https://notcve.org/view.php?id=CVE-2014-3637
17 Sep 2014 — D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor. D-Bus 1.3.0 hasta 1.6.x anterior a 1.6.24 y 1.8.x anterior a 1.8.8 no cierra correctamente las conexiones para procesos que hayan terminado, lo que permite a usuarios locales causar una denegación de servicio a través de un mensaje D-bus que contiene un de... • http://advisories.mageia.org/MGASA-2014-0395.html • CWE-17: DEPRECATED: Code •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2014-3635 – Mandriva Linux Security Advisory 2014-214
https://notcve.org/view.php?id=CVE-2014-3635
17 Sep 2014 — Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure. Error por un paso en D-Bus 1.3.0 hasta la versión 1.6.x en versiones anteriores a 1.6.24 y 1.8.x en versiones an... • http://advisories.mageia.org/MGASA-2014-0395.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2014-3532 – Mandriva Linux Security Advisory 2014-148
https://notcve.org/view.php?id=CVE-2014-3532
03 Jul 2014 — dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded. dbus 1.3.0 anterior a 1.6.22 y 1.8.x anterior a 1.8.6, cuando funciona en Linux 2.6.37-rc4 o posteriores, permite a usuarios locales causar una denegación de servicio (desconexión... • http://advisories.mageia.org/MGASA-2014-0294.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0CVE-2014-3533 – Mandriva Linux Security Advisory 2014-148
https://notcve.org/view.php?id=CVE-2014-3533
03 Jul 2014 — dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor. dbus 1.3.0 anterior a 1.6.22 y 1.8.x anterior a 1.8.6 permite a usuarios locales causar una denegación de servicio (desconexión) a través de cierta secuencias de mensajes manipulados que causan que el demonio de dbus reenvíe un mensaje que contiene un descriptor de fichero... • http://advisories.mageia.org/MGASA-2014-0294.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 47EXPL: 0CVE-2014-3477 – Ubuntu Security Notice USN-2275-1
https://notcve.org/view.php?id=CVE-2014-3477
01 Jul 2014 — The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service. El demonio dbus en D-Bus 1.2.x hasta 1.4.x, 1.6.x anterior a 1.6.20, y 1.8.x anterior a 1.8.4, envía un error AccessDenied al ... • http://advisories.mageia.org/MGASA-2014-0266.html •