Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
d-bus project vulnerabilities and exploits
(subscribe to this query)
6
CVSSv2
CVE-2021-23556
The package guake prior to 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of execute_command and execute_command_by_uuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus metho...
Guake-project Guake
4
CVSSv2
CVE-2018-12560
An issue exists in the cantata-mounter D-Bus service in Cantata up to and including 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring.
Cantata Project Cantata
6.5
CVSSv2
CVE-2018-12561
An issue exists in the cantata-mounter D-Bus service in Cantata up to and including 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain parameter of the samba URL.
Cantata Project Cantata
NA
CVE-2022-40673
KDiskMark prior to 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache.
Kdiskmark Project Kdiskmark
Fedoraproject Fedora 36
7.5
CVSSv2
CVE-2018-12562
An issue exists in the cantata-mounter D-Bus service in Cantata up to and including 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards (such as in an injected string:/home...
Cantata Project Cantata
6.5
CVSSv2
CVE-2018-12559
An issue exists in the cantata-mounter D-Bus service in Cantata up to and including 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing ...
Cantata Project Cantata
6
CVSSv2
CVE-2018-14345
An issue exists in SDDM up to and including 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display...
Sddm Project Sddm
9.3
CVSSv2
CVE-2015-1326
python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file.
Python-dbusmock Project Python-dbusmock
7.2
CVSSv2
CVE-2014-8148
The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges.
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Midgard-project Midgard2 10.05.7.1
6.9
CVSSv2
CVE-2013-4327
systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-201...
Systemd Project Systemd
Debian Debian Linux 7.0
Canonical Ubuntu Linux 13.04
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »