Search for packages
| purl | pkg:deb/debian/dbus@1.10.32-0%2Bdeb9u1 |
| Next non-vulnerable version | 1.12.28-0+deb11u1 |
| Latest non-vulnerable version | 1.12.28-0+deb11u1 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1jvm-vs3z-aaan
Aliases: CVE-2023-34969 |
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6. |
Affected by 0 other vulnerabilities. |
|
VCID-36vh-mccp-aaag
Aliases: CVE-2020-12049 |
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. |
Affected by 5 other vulnerabilities. |
|
VCID-3jg4-8sst-aaak
Aliases: CVE-2019-12749 |
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. |
Affected by 5 other vulnerabilities. |
|
VCID-94n8-qj1g-aaam
Aliases: CVE-2022-42011 |
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-9b7n-9mwh-aaap
Aliases: CVE-2022-42012 |
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-qwyr-xm7c-aaah
Aliases: CVE-2022-42010 |
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-vqkm-aqvg-aaaj
Aliases: CVE-2020-35512 |
A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors |
Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3jg4-8sst-aaak | dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. |
CVE-2019-12749
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T19:04:52.251524+00:00 | Debian Oval Importer | Affected by | VCID-94n8-qj1g-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
| 2025-06-21T17:59:20.561901+00:00 | Debian Oval Importer | Affected by | VCID-9b7n-9mwh-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T17:47:17.041238+00:00 | Debian Oval Importer | Affected by | VCID-94n8-qj1g-aaam | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T16:47:05.157223+00:00 | Debian Oval Importer | Affected by | VCID-qwyr-xm7c-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T14:57:36.732185+00:00 | Debian Oval Importer | Affected by | VCID-vqkm-aqvg-aaaj | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T14:28:37.675321+00:00 | Debian Oval Importer | Affected by | VCID-3jg4-8sst-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T14:13:00.233630+00:00 | Debian Oval Importer | Affected by | VCID-36vh-mccp-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T11:40:40.215445+00:00 | Debian Oval Importer | Affected by | VCID-1jvm-vs3z-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T10:59:41.928436+00:00 | Debian Oval Importer | Fixing | VCID-3jg4-8sst-aaak | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T00:27:22.889235+00:00 | Debian Oval Importer | Affected by | VCID-qwyr-xm7c-aaah | None | 36.1.3 |
| 2025-06-21T00:22:11.326381+00:00 | Debian Oval Importer | Affected by | VCID-9b7n-9mwh-aaap | None | 36.1.3 |
| 2025-06-20T23:18:59.200138+00:00 | Debian Oval Importer | Affected by | VCID-36vh-mccp-aaag | None | 36.1.3 |
| 2025-06-20T23:12:31.543543+00:00 | Debian Oval Importer | Affected by | VCID-vqkm-aqvg-aaaj | None | 36.1.3 |
| 2025-06-20T22:17:46.891699+00:00 | Debian Oval Importer | Affected by | VCID-94n8-qj1g-aaam | None | 36.1.3 |
| 2025-06-20T20:48:23.479435+00:00 | Debian Oval Importer | Affected by | VCID-3jg4-8sst-aaak | None | 36.1.3 |
| 2025-06-20T19:57:49.161718+00:00 | Debian Oval Importer | Fixing | VCID-3jg4-8sst-aaak | None | 36.1.3 |
| 2025-06-08T12:29:05.122839+00:00 | Debian Oval Importer | Affected by | VCID-1jvm-vs3z-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T12:15:43.006814+00:00 | Debian Oval Importer | Affected by | VCID-9b7n-9mwh-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T12:09:34.963457+00:00 | Debian Oval Importer | Affected by | VCID-qwyr-xm7c-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T11:34:02.453897+00:00 | Debian Oval Importer | Affected by | VCID-94n8-qj1g-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T10:31:02.702913+00:00 | Debian Oval Importer | Affected by | VCID-9b7n-9mwh-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T10:20:17.481660+00:00 | Debian Oval Importer | Affected by | VCID-94n8-qj1g-aaam | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T09:32:19.610781+00:00 | Debian Oval Importer | Affected by | VCID-qwyr-xm7c-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T07:50:56.013614+00:00 | Debian Oval Importer | Affected by | VCID-vqkm-aqvg-aaaj | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T07:21:42.613702+00:00 | Debian Oval Importer | Affected by | VCID-3jg4-8sst-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T07:06:21.170679+00:00 | Debian Oval Importer | Affected by | VCID-36vh-mccp-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T04:57:22.956159+00:00 | Debian Oval Importer | Affected by | VCID-1jvm-vs3z-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T04:32:00.034111+00:00 | Debian Oval Importer | Fixing | VCID-3jg4-8sst-aaak | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-07T17:50:05.829034+00:00 | Debian Oval Importer | Affected by | VCID-qwyr-xm7c-aaah | None | 36.1.0 |
| 2025-06-07T17:45:01.297657+00:00 | Debian Oval Importer | Affected by | VCID-9b7n-9mwh-aaap | None | 36.1.0 |
| 2025-06-07T16:41:58.659466+00:00 | Debian Oval Importer | Affected by | VCID-36vh-mccp-aaag | None | 36.1.0 |
| 2025-06-07T16:35:38.218858+00:00 | Debian Oval Importer | Affected by | VCID-vqkm-aqvg-aaaj | None | 36.1.0 |
| 2025-06-07T15:41:50.617023+00:00 | Debian Oval Importer | Affected by | VCID-94n8-qj1g-aaam | None | 36.1.0 |
| 2025-06-07T14:19:51.196046+00:00 | Debian Oval Importer | Affected by | VCID-3jg4-8sst-aaak | None | 36.1.0 |
| 2025-06-07T13:47:28.127095+00:00 | Debian Oval Importer | Fixing | VCID-3jg4-8sst-aaak | None | 36.1.0 |
| 2025-04-12T20:59:05.244642+00:00 | Debian Oval Importer | Affected by | VCID-3jg4-8sst-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:44:45.424890+00:00 | Debian Oval Importer | Affected by | VCID-vqkm-aqvg-aaaj | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:41:20.727643+00:00 | Debian Oval Importer | Affected by | VCID-36vh-mccp-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T18:15:24.121536+00:00 | Debian Oval Importer | Affected by | VCID-1jvm-vs3z-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T18:01:28.249012+00:00 | Debian Oval Importer | Affected by | VCID-9b7n-9mwh-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:55:10.823947+00:00 | Debian Oval Importer | Affected by | VCID-qwyr-xm7c-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:18:28.915122+00:00 | Debian Oval Importer | Affected by | VCID-94n8-qj1g-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:12:20.932830+00:00 | Debian Oval Importer | Affected by | VCID-9b7n-9mwh-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-12T16:01:16.520303+00:00 | Debian Oval Importer | Affected by | VCID-94n8-qj1g-aaam | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T08:04:43.448554+00:00 | Debian Oval Importer | Affected by | VCID-qwyr-xm7c-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T06:23:22.526078+00:00 | Debian Oval Importer | Affected by | VCID-vqkm-aqvg-aaaj | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:54:17.504826+00:00 | Debian Oval Importer | Affected by | VCID-3jg4-8sst-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:38:59.353639+00:00 | Debian Oval Importer | Affected by | VCID-36vh-mccp-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:28:26.089612+00:00 | Debian Oval Importer | Affected by | VCID-1jvm-vs3z-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:02:25.719310+00:00 | Debian Oval Importer | Fixing | VCID-3jg4-8sst-aaak | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-07T16:26:41.664776+00:00 | Debian Oval Importer | Affected by | VCID-qwyr-xm7c-aaah | None | 36.0.0 |
| 2025-04-07T16:21:13.616928+00:00 | Debian Oval Importer | Affected by | VCID-9b7n-9mwh-aaap | None | 36.0.0 |
| 2025-04-07T15:14:24.271068+00:00 | Debian Oval Importer | Affected by | VCID-36vh-mccp-aaag | None | 36.0.0 |
| 2025-04-07T15:07:48.282185+00:00 | Debian Oval Importer | Affected by | VCID-vqkm-aqvg-aaaj | None | 36.0.0 |
| 2025-04-07T14:12:41.553085+00:00 | Debian Oval Importer | Affected by | VCID-94n8-qj1g-aaam | None | 36.0.0 |
| 2025-04-07T12:52:37.166211+00:00 | Debian Oval Importer | Affected by | VCID-3jg4-8sst-aaak | None | 36.0.0 |
| 2025-04-07T12:22:33.244455+00:00 | Debian Oval Importer | Fixing | VCID-3jg4-8sst-aaak | None | 36.0.0 |