Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4311 | 1 Freedesktop | 1 Dbus | 2024-02-28 | 4.6 MEDIUM | N/A |
| The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply. | |||||
| CVE-2009-1189 | 1 Freedesktop | 1 Dbus | 2024-02-28 | 3.6 LOW | N/A |
| The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834. | |||||
| CVE-2008-3834 | 1 Freedesktop | 3 Dbus, Dbus1.0, Dbus1.1.0 | 2024-02-28 | 2.1 LOW | N/A |
| The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error. | |||||
| CVE-2008-0595 | 4 Fedoraproject, Freedesktop, Mandrakesoft and 1 more | 4 Fedora, Dbus, Mandrake Linux and 1 more | 2024-02-28 | 4.6 MEDIUM | N/A |
| dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface. | |||||