d-bus d-bus vulnerabilities and exploits
4.4
CVSSv2
CVE-2018-8885
screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race condition via a setuid or pkexec process that is mishandled in a PolicyKitService._chec...
Canonical Screen-resolution-extra 0.17.2
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
1.9
CVSSv2
CVE-2013-2168
The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x prior to 1.4.26, 1.6.x prior to 1.6.12, and 1.7.x prior to 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.
Freedesktop Dbus 1.4.18
Freedesktop Dbus 1.4.24
Freedesktop Dbus 1.4.12
Freedesktop Dbus 1.4.6
Freedesktop Dbus 1.4.16
Freedesktop Dbus 1.4.8
Freedesktop Dbus 1.4.14
Freedesktop Dbus 1.4.1
Freedesktop Dbus 1.4.0
Freedesktop Dbus 1.4.20
Freedesktop Dbus 1.4.10
Freedesktop Dbus 1.4.4
Freedesktop Dbus 1.7.0
Freedesktop Dbus 1.7.2
Freedesktop Dbus 1.6.4
Freedesktop Dbus 1.6.0
Freedesktop Dbus 1.6.10
Freedesktop Dbus 1.6.16
Freedesktop Dbus 1.6.8
Freedesktop Dbus 1.6.6
Freedesktop Dbus 1.6.2
Opensuse Opensuse 12.3
NA
CVE-2023-3899
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.re...
Redhat Subscription-manager
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux For Scientific Computing 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux For Power Little Endian 7.0
Redhat Enterprise Linux For Power Big Endian 7.0
Redhat Enterprise Linux For Ibm Z Systems 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux For Power Little Endian 8.0
Redhat Enterprise Linux For Ibm Z Systems 8.0
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.1
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.2
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.4
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.6
Redhat Enterprise Linux For Ibm Z Systems Eus 8.6
4.6
CVSSv2
CVE-2013-1065
backend.py in Jockey prior to 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pk...
Martin Pitt Jockey
Martin Pitt Jockey 0.9.7-0ubuntu7.8
Martin Pitt Jockey 0.9.7-0ubuntu7.1
Martin Pitt Jockey 0.9.7-0ubuntu7.6
Martin Pitt Jockey 0.9.7-0ubuntu7.5
Martin Pitt Jockey 0.9.7-0ubuntu7.4
Martin Pitt Jockey 0.9.7-0ubuntu7.3
Martin Pitt Jockey 0.9.7-0ubuntu7.9
Martin Pitt Jockey 0.9.7-0ubuntu7.7
Martin Pitt Jockey 0.9.7-0ubuntu7.2
Martin Pitt Jockey 0.9.7-0ubuntu7
Canonical Ubuntu Linux 12.04
6.9
CVSSv2
CVE-2020-15238
Blueman is a GTK+ Bluetooth Manager. In Blueman prior to 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower...
Blueman Project Blueman
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
4.6
CVSSv2
CVE-2013-1064
apt-xapian-index prior to 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1...
Canonical Apt-xapian-index 0.44ubuntu7.1
Canonical Apt-xapian-index 0.44ubuntu5.1
Canonical Apt-xapian-index
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 13.04
7.2
CVSSv2
CVE-2021-21261
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug exists in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). This sandbox-escape bug is pres...
Flatpak Flatpak
Debian Debian Linux 10.0
NA
CVE-2022-31615
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.
Nvidia Gpu Display Driver
4.6
CVSSv2
CVE-2013-1063
usb-creator 0.2.47 prior to 0.2.47.1, 0.2.40 prior to 0.2.40ubuntu2, and 0.2.38 prior to 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject...
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 13.10
Canonical Ubuntu Linux 12.10
Evan Dandrea Usb-creator 0.2.47
Evan Dandrea Usb-creator 0.2.40
Evan Dandrea Usb-creator 0.2.38
Evan Dandrea Usb-creator 0.2.38.1
4.6
CVSSv2
CVE-2013-1062
ubuntu-system-service 0.2.4 prior to 0.2.4.1, 0.2.3 prior to 0.2.3.1, and 0.2.2 prior to 0.2.2.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject ...
Canonical Ubuntu Linux 13.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10
Michael Vogt Ubuntu-system-service 0.2.3
Michael Vogt Ubuntu-system-service 0.2.2
Michael Vogt Ubuntu-system-service 0.2.4