Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
d-bus vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2017-18248
The add_job function in scheduler/ipp.c in CUPS prior to 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.
Apple Cups
7.2
CVSSv2
CVE-2011-1842
dbus_backend/lsd.py in the D-Bus backend in language-selector prior to 0.6.7 does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2) SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument...
Ubuntu Language-selector 0.6.0
Ubuntu Language-selector 0.5.7
Ubuntu Language-selector 0.5.0
Ubuntu Language-selector 0.4.19
Ubuntu Language-selector 0.4.12
Ubuntu Language-selector 0.4.11
Ubuntu Language-selector 0.4.10
Ubuntu Language-selector 0.4.3
Ubuntu Language-selector 0.4.2.3
Ubuntu Language-selector 0.3.20
Ubuntu Language-selector 0.3.17
Ubuntu Language-selector 0.3.9
Ubuntu Language-selector 0.3.8
Ubuntu Language-selector 0.3.1
Ubuntu Language-selector 0.3.0
Ubuntu Language-selector 0.2.4
Ubuntu Language-selector 0.2.3
Ubuntu Language-selector 0.1.26
Ubuntu Language-selector 0.1.25
Ubuntu Language-selector 0.1.18
Ubuntu Language-selector 0.1.17
Ubuntu Language-selector 0.1.10
7.5
CVSSv2
CVE-2018-12562
An issue exists in the cantata-mounter D-Bus service in Cantata up to and including 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards (such as in an injected string:/home...
Cantata Project Cantata
7.2
CVSSv2
CVE-2011-0729
dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector prior to 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a (1) SetSystemDefaultLangEnv or (2) ...
Ubuntu Language-selector 0.6.4
Ubuntu Language-selector 0.6.3
Ubuntu Language-selector 0.6.2
Ubuntu Language-selector 0.6.1
Ubuntu Language-selector 0.4.16
Ubuntu Language-selector 0.4.15
Ubuntu Language-selector 0.4.14
Ubuntu Language-selector 0.4.13
Ubuntu Language-selector 0.4.2
Ubuntu Language-selector 0.4.1
Ubuntu Language-selector 0.4.0
Ubuntu Language-selector 0.3.21
Ubuntu Language-selector 0.3.5
Ubuntu Language-selector 0.3.4
Ubuntu Language-selector 0.3.3
Ubuntu Language-selector 0.3.2
Ubuntu Language-selector 0.2.0
Ubuntu Language-selector 0.1.30
Ubuntu Language-selector 0.1.29
Ubuntu Language-selector 0.1.28
Ubuntu Language-selector 0.1.27
Ubuntu Language-selector 0.1.14
6.8
CVSSv2
CVE-2009-4144
NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote malicious users to obtain sensitive information or cause ...
Gnome Networkmanager 0.7.2
3.3
CVSSv2
CVE-2011-2533
The configure script in D-Bus (aka DBus) 1.2.x prior to 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.
Freedesktop Dbus 1.2.4
Freedesktop Dbus 1.2.3
Freedesktop Dbus 1.2.1
Freedesktop Dbus 1.2.12
Freedesktop Dbus 1.2.14
Freedesktop Dbus 1.2.22
Freedesktop Dbus 1.2.20
Freedesktop Dbus 1.2.8
Freedesktop Dbus 1.2.18
Freedesktop Dbus 1.2.10
Freedesktop Dbus 1.2.26
Freedesktop Dbus 1.2.24
Freedesktop Dbus 1.2.16
Freedesktop Dbus 1.2.6
2.1
CVSSv2
CVE-2017-5084
Inappropriate implementation in image-burner in Google Chrome OS before 59.0.3071.92 allowed a local malicious user to read local files via dbus-send commands to a BurnImage D-Bus endpoint.
Google Chrome Os
4.6
CVSSv2
CVE-2019-12795
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs prior to 1.38.3, 1.40.x prior to 1.40.2, and 1.41.x prior to 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Not...
Gnome Gvfs
NA
CVE-2022-42010
An issue exists in D-Bus prior to 1.12.24, 1.13.x and 1.14.x prior to 1.14.4, and 1.15.x prior to 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
Freedesktop Dbus
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
NA
CVE-2022-42011
An issue exists in D-Bus prior to 1.12.24, 1.13.x and 1.14.x prior to 1.14.4, and 1.15.x prior to 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of t...
Freedesktop Dbus
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »