Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Dbus
(Freedesktop)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 24 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-06-08 | CVE-2020-12049 | An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. | Ubuntu_linux, Dbus | 5.5 | ||
| 2011-06-22 | CVE-2011-2533 | The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. | Dbus | N/A | ||
| 2008-12-09 | CVE-2008-4311 | The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply. | Dbus | N/A | ||
| 2008-10-07 | CVE-2008-3834 | The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error. | Dbus, Dbus1\.0, Dbus1\.1\.0 | N/A |