Filtered by vendor Freedesktop Subscriptions
Filtered by product Dbus Subscriptions

Search

Switch to Advanced Search (Beta)
Total 24 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-42011 3 Fedoraproject, Freedesktop, Redhat 4 Fedora, Dbus, Enterprise Linux and 1 more 2024-11-21 6.5 Medium
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.
CVE-2022-42010 3 Fedoraproject, Freedesktop, Redhat 4 Fedora, Dbus, Enterprise Linux and 1 more 2024-11-21 6.5 Medium
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
CVE-2020-35512 2 Freedesktop, Linux 2 Dbus, Linux Kernel 2024-11-21 7.8 High
A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors
CVE-2020-12049 3 Canonical, Freedesktop, Redhat 5 Ubuntu Linux, Dbus, Enterprise Linux and 2 more 2024-11-21 5.5 Medium
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.