dbus

CVEs (19)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2014-3477	Xorg Dbus	Med	0.26	4.0	0.00	Jul 1, 2014	The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service…
CVE-2023-34969	D Bus Project dbus		0.00	—	0.01	Jun 8, 2023	D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to…
CVE-2022-42010	D Bus Project dbus		0.00	—	0.01	Oct 9, 2022	An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
CVE-2022-42012	D Bus Project dbus		0.00	—	0.01	Oct 9, 2022	An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
CVE-2022-42011	D Bus Project dbus		0.00	—	0.01	Oct 9, 2022	An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size…
CVE-2015-0245	Xorg Dbus		0.00	—	0.00	Feb 13, 2015	D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving…
CVE-2014-3636	Xorg Dbus		0.00	—	0.01	Oct 25, 2014	D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple…
CVE-2014-3639	Xorg Dbus		0.00	—	0.00	Sep 22, 2014	The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.
CVE-2014-3638	Xorg Dbus		0.00	—	0.00	Sep 22, 2014	The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.
CVE-2014-3637	Xorg Dbus		0.00	—	0.00	Sep 22, 2014	D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.
CVE-2014-3635	Xorg Dbus		0.00	—	0.00	Sep 22, 2014	Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code…
CVE-2014-3532	Xorg Dbus		0.00	—	0.00	Jul 19, 2014	dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum…
CVE-2013-2168	Xorg Dbus		0.00	—	0.00	Jul 3, 2013	The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.
CVE-2011-2200	Xorg Dbus		0.00	—	0.00	Jun 22, 2011	The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain…
CVE-2010-4352	D Bus Project dbus		0.00	—	0.01	Dec 30, 2010	Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.
CVE-2008-4311	Xorg Dbus		0.00	—	0.00	Dec 10, 2008	The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving…
CVE-2008-0595	Xorg Dbus		0.00	—	0.00	Feb 29, 2008	dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL…
CVE-2006-6107	D Bus Project dbus		0.00	—	0.00	Dec 14, 2006	Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages).
CVE-2005-0201	D Bus Project dbus		0.00	—	0.00	Jun 29, 2005	D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket.

CVE-2014-3477MedJul 1, 2014
Xorg
Dbus
risk 0.26cvss 4.0epss 0.00
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service…
CVE-2023-34969Jun 8, 2023
D Bus Project
dbus
risk 0.00cvss —epss 0.01
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to…
CVE-2022-42010Oct 9, 2022
D Bus Project
dbus
risk 0.00cvss —epss 0.01
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
CVE-2022-42012Oct 9, 2022
D Bus Project
dbus
risk 0.00cvss —epss 0.01
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
CVE-2022-42011Oct 9, 2022
D Bus Project
dbus
risk 0.00cvss —epss 0.01
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size…
CVE-2015-0245Feb 13, 2015
Xorg
Dbus
risk 0.00cvss —epss 0.00
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving…
CVE-2014-3636Oct 25, 2014
Xorg
Dbus
risk 0.00cvss —epss 0.01
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple…
CVE-2014-3639Sep 22, 2014
Xorg
Dbus
risk 0.00cvss —epss 0.00
The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.
CVE-2014-3638Sep 22, 2014
Xorg
Dbus
risk 0.00cvss —epss 0.00
The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.
CVE-2014-3637Sep 22, 2014
Xorg
Dbus
risk 0.00cvss —epss 0.00
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.
CVE-2014-3635Sep 22, 2014
Xorg
Dbus
risk 0.00cvss —epss 0.00
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code…
CVE-2014-3532Jul 19, 2014
Xorg
Dbus
risk 0.00cvss —epss 0.00
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum…
CVE-2013-2168Jul 3, 2013
Xorg
Dbus
risk 0.00cvss —epss 0.00
The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.
CVE-2011-2200Jun 22, 2011
Xorg
Dbus
risk 0.00cvss —epss 0.00
The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain…
CVE-2010-4352Dec 30, 2010
D Bus Project
dbus
risk 0.00cvss —epss 0.01
Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.
CVE-2008-4311Dec 10, 2008
Xorg
Dbus
risk 0.00cvss —epss 0.00
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving…
CVE-2008-0595Feb 29, 2008
Xorg
Dbus
risk 0.00cvss —epss 0.00
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL…
CVE-2006-6107Dec 14, 2006
D Bus Project
dbus
risk 0.00cvss —epss 0.00
Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages).
CVE-2005-0201Jun 29, 2005
D Bus Project
dbus
risk 0.00cvss —epss 0.00
D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket.