Filtered by vendor Freedesktop
Subscriptions
Filtered by product Dbus
Subscriptions
Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12049 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Dbus | 2023-06-12 | 5.5 Medium |
| An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. | ||||
| CVE-2008-3834 | 1 Freedesktop | 3 Dbus, Dbus1.0, Dbus1.1.0 | 2017-09-29 | N/A |
| The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error. | ||||
| CVE-2011-2533 | 1 Freedesktop | 1 Dbus | 2017-08-29 | N/A |
| The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. | ||||
| CVE-2008-4311 | 1 Freedesktop | 1 Dbus | 2017-08-08 | N/A |
| The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply. | ||||