Search for packages
| purl | pkg:deb/debian/dbus@1.2.24-4%2Bsqueeze3 |
| Next non-vulnerable version | 1.12.28-0+deb11u1 |
| Latest non-vulnerable version | 1.12.28-0+deb11u1 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3xuw-dhzm-m3ch
Aliases: CVE-2023-34969 |
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6. |
Affected by 0 other vulnerabilities. |
|
VCID-7k7w-3qqm-uqdu
Aliases: CVE-2014-3639 |
Affected by 18 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
|
VCID-8vfk-zhqb-d3dd
Aliases: CVE-2014-3637 |
Affected by 18 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
|
VCID-9xu3-1pgw-gbey
Aliases: CVE-2014-3532 |
Affected by 18 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
|
VCID-aq5z-m4n5-h7gv
Aliases: CVE-2011-2533 |
dbus: Possibility of symlink attack in /tmp during compilation |
Affected by 18 other vulnerabilities. |
|
VCID-by2x-bhb5-uqd5
Aliases: CVE-2014-3477 |
Affected by 18 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
|
VCID-dqua-2uxr-kud1
Aliases: CVE-2022-42011 |
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. |
Affected by 0 other vulnerabilities. |
|
VCID-dy5k-tb9e-z3g2
Aliases: CVE-2014-3533 |
Affected by 18 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
|
VCID-efkk-xtms-d7eh
Aliases: CVE-2020-35512 |
A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors |
Affected by 0 other vulnerabilities. |
|
VCID-g2bx-h8p8-1fhe
Aliases: CVE-2014-3636 |
Affected by 18 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
|
VCID-gs55-aefy-b3gg
Aliases: CVE-2022-42012 |
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. |
Affected by 0 other vulnerabilities. |
|
VCID-kscp-5zx9-z3dt
Aliases: CVE-2014-3638 |
Affected by 18 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
|
VCID-n54v-jfjm-dbgk
Aliases: CVE-2014-7824 |
Affected by 18 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
|
VCID-nm7j-w159-vyfq
Aliases: CVE-2014-3635 |
Affected by 18 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
|
VCID-prfj-516y-hbdq
Aliases: CVE-2022-42010 |
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. |
Affected by 0 other vulnerabilities. |
|
VCID-qkff-kx9p-w3dj
Aliases: CVE-2019-12749 |
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. |
Affected by 7 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-st9x-9knp-j3f1
Aliases: CVE-2012-3524 |
Affected by 18 other vulnerabilities. |
|
|
VCID-v5fj-wrys-k7b6
Aliases: CVE-2020-12049 |
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. |
Affected by 5 other vulnerabilities. |
|
VCID-vhad-ne57-dycr
Aliases: CVE-2011-2200 |
Affected by 18 other vulnerabilities. |
|
|
VCID-yte2-6cc4-67cu
Aliases: CVE-2015-0245 |
Affected by 18 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
|
VCID-zmbj-cr5t-8qb4
Aliases: CVE-2013-2168 |
Affected by 18 other vulnerabilities. Affected by 7 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||