CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-42012 – dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness correctly
https://notcve.org/view.php?id=CVE-2022-42012
09 Oct 2022 — An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. Se ha detectado un problema en D-Bus versiones anteriores a 1.12.24, versiones 1.13.x y 1.14.x anteriores a 1.14.4, y versiones 1.15.x anteriores a 1.15.2. Un atacante autenticado puede causar que dbus-daemon y otros programas que usa... • https://gitlab.freedesktop.org/dbus/dbus/-/issues/417 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-42010 – dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets
https://notcve.org/view.php?id=CVE-2022-42010
09 Oct 2022 — An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. Se ha detectado un problema en D-Bus versiones anteriores a 1.12.24, versiones 1.13.x y 1.14.x anteriores a 1.14.4, y versiones 1.15.x anteriores a 1.15.2. Un atacante autenticado puede causar que dbus-daemon y otros programas que usan libdbus sean... • https://gitlab.freedesktop.org/dbus/dbus/-/issues/418 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-42011 – dbus: dbus-daemon can be crashed by messages with array length inconsistent with element type
https://notcve.org/view.php?id=CVE-2022-42011
09 Oct 2022 — An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. Se ha detectado un problema en D-Bus versiones anteriores a 1.12.24, versiones 1.13.x y 1.14.x anteriores a 1.14.4, y versiones 1.15.x anteriores a 1.15.2. Un atacante autenticado puede causar que dbus-daemon y ot... • https://gitlab.freedesktop.org/dbus/dbus/-/issues/413 • CWE-129: Improper Validation of Array Index CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2019-12749 – dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass
https://notcve.org/view.php?id=CVE-2019-12749
11 Jun 2019 — dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a ... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 47EXPL: 0CVE-2014-3477 – Ubuntu Security Notice USN-2275-1
https://notcve.org/view.php?id=CVE-2014-3477
01 Jul 2014 — The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service. El demonio dbus en D-Bus 1.2.x hasta 1.4.x, 1.6.x anterior a 1.6.20, y 1.8.x anterior a 1.8.4, envía un error AccessDenied al ... • http://advisories.mageia.org/MGASA-2014-0266.html •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2011-2533
https://notcve.org/view.php?id=CVE-2011-2533
22 Jun 2011 — The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. La secuencia de comandos de configuración de D-Bus (también conocido como DBus) v1.2.x antes de v1.2.28 permite a usuarios locales sobreescribir ficheros de su elección mediante un ataque de enlaces simbólicos en un archivo especificado en /tmp/. • http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2011-2200 – dbus: Local DoS via messages with non-native byte order
https://notcve.org/view.php?id=CVE-2011-2200
22 Jun 2011 — The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages. La función _dbus_header_byteswap en dbus-marshal-header.c en D-Bus (también conocido como Dbus) v1.2.x antes de v1.2.28, v1.4.x an... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938 • CWE-20: Improper Input Validation •