Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
service bus vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-0595
dbus-daemon in D-Bus prior to 1.0.3, and 1.1.x prior to 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL int...
Mandrakesoft Mandrake Linux 2007.1
Mandrakesoft Mandrake Linux 2008.0
Mandrakesoft Mandrake Linux 2007
Redhat Enterprise Linux 5.0
Mandrakesoft Mandrake Linux 2007.0 X86 64
Redhat Enterprise Linux 5
Fedoraproject Fedora 7
Freedesktop Dbus
7.8
CVSSv3
CVE-2022-31608
NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclo...
Nvidia Gpu Display Driver
NA
CVE-2014-3637
D-Bus 1.3.0 up to and including 1.6.x prior to 1.6.24 and 1.8.x prior to 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.
Freedesktop Dbus 1.6.4
Freedesktop Dbus 1.4.18
Freedesktop Dbus 1.6.0
Freedesktop Dbus 1.4.22
Freedesktop Dbus 1.5.6
Freedesktop Dbus 1.8.0
Freedesktop Dbus 1.5.8
Freedesktop Dbus 1.5.4
Freedesktop Dbus 1.5.10
Freedesktop Dbus 1.4.24
Freedesktop Dbus 1.4.12
Freedesktop Dbus 1.6.20
Freedesktop Dbus 1.6.10
Freedesktop Dbus 1.5.0
Freedesktop Dbus 1.6.12
Freedesktop Dbus 1.6.16
Freedesktop Dbus 1.4.6
Freedesktop Dbus 1.6.8
Freedesktop Dbus 1.4.16
Freedesktop Dbus 1.5.2
Freedesktop Dbus 1.3.0
Freedesktop Dbus 1.4.8
7.8
CVSSv3
CVE-2022-42260
NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosur...
Nvidia Virtual Gpu
Nvidia Cloud Gaming
Nvidia Gpu Display Driver
1 Article
7.8
CVSSv3
CVE-2018-19358
GNOME Keyring up to and including 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mec...
Gnome Gnome-keyring
1 Github repository
7.8
CVSSv3
CVE-2018-14424
The daemon in GDM up to and including 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local malicious user to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial ...
Gnome Gnome Display Manager
6.5
CVSSv3
CVE-2018-12560
An issue exists in the cantata-mounter D-Bus service in Cantata up to and including 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring.
Cantata Project Cantata
NA
CVE-2024-36950
In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and...
5.4
CVSSv3
CVE-2021-44225
In Keepalived up to and including 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a sett...
Keepalived Keepalived
Fedoraproject Fedora 34
Fedoraproject Fedora 35
8.8
CVSSv3
CVE-2018-12561
An issue exists in the cantata-mounter D-Bus service in Cantata up to and including 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain parameter of the samba URL.
Cantata Project Cantata
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »