LOW1.9
Уязвимости операционной системы Debian GNU/Linux, позволяющие локальному злоумышленнику нарушить доступность защищаемой информации
CVSS 2.0LOW 1.9
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:PReferences
Severity:
Closed issues (18)
LOW2.1
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить доступность защищаемой информации
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:PReferences
LOW2.1
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить доступность защищаемой информации
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:PReferences
LOW2.1
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить доступность защищаемой информации
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:PReferences
LOW2.1
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить доступность защищаемой информации
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:PReferences
LOW2.1
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить доступность защищаемой информации
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:PReferences
LOW1.9
Уязвимость операционной системы Gentoo Linux, позволяющая злоумышленнику нарушить доступность защищаемой информации
CVSS 2.0LOW 1.9
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:PReferences
MEDIUM6.8
Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PMEDIUM4.0
Уязвимость системы межпроцессорного взаимодействия D-Bus, вызванная ошибками синхронизации при использовании общего ресурса, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xMEDIUM 4.0
CVSS:3.x/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LCVSS 2.0LOW 1.9
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:PReferences
LOW1.9
The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.
CVSS 2.0LOW 1.9
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:PReferences
- http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7
- http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html
- http://lists.freedesktop.org/archives/dbus/2013-June/015696.html
- http://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
- http://secunia.com/advisories/53317
- http://secunia.com/advisories/53832
- http://www.debian.org/security/2013/dsa-2707
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:177
- http://www.openwall.com/lists/oss-security/2013/06/13/2
- http://www.securityfocus.com/bid/60546
- http://www.securitytracker.com/id/1028667
- http://www.ubuntu.com/usn/USN-1874-1
- https://bugzilla.redhat.com/show_bug.cgi?id=974109
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16881
- http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7
- http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html
- http://lists.freedesktop.org/archives/dbus/2013-June/015696.html
- http://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
- http://secunia.com/advisories/53317
- http://secunia.com/advisories/53832
- http://www.debian.org/security/2013/dsa-2707
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:177
- http://www.openwall.com/lists/oss-security/2013/06/13/2
- http://www.securityfocus.com/bid/60546
- http://www.securitytracker.com/id/1028667
- http://www.ubuntu.com/usn/USN-1874-1
- https://bugzilla.redhat.com/show_bug.cgi?id=974109
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16881
MEDIUM4.0
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 4.0
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LReferences
- http://advisories.mageia.org/MGASA-2014-0266.html
- http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=24c590703ca47eb71ddef453de43126b90954567
- http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html
- http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
- http://seclists.org/oss-sec/2014/q2/509
- http://secunia.com/advisories/59428
- http://secunia.com/advisories/59611
- http://secunia.com/advisories/59798
- http://www.debian.org/security/2014/dsa-2971
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
- http://www.securityfocus.com/bid/67986
- https://bugs.freedesktop.org/show_bug.cgi?id=78979
- http://advisories.mageia.org/MGASA-2014-0266.html
- http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=24c590703ca47eb71ddef453de43126b90954567
- http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html
- http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
- http://seclists.org/oss-sec/2014/q2/509
- http://secunia.com/advisories/59428
- http://secunia.com/advisories/59611
- http://secunia.com/advisories/59798
- http://www.debian.org/security/2014/dsa-2971
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
- http://www.securityfocus.com/bid/67986
- https://bugs.freedesktop.org/show_bug.cgi?id=78979
MEDIUM4.4
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.
CVSS 2.0MEDIUM 4.4
CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:P/A:PReferences
- http://advisories.mageia.org/MGASA-2014-0395.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
- http://secunia.com/advisories/61378
- http://www.debian.org/security/2014/dsa-3026
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
- http://www.openwall.com/lists/oss-security/2014/09/16/9
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securitytracker.com/id/1030864
- http://www.ubuntu.com/usn/USN-2352-1
- https://bugs.freedesktop.org/show_bug.cgi?id=83622
- http://advisories.mageia.org/MGASA-2014-0395.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
- http://secunia.com/advisories/61378
- http://www.debian.org/security/2014/dsa-3026
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
- http://www.openwall.com/lists/oss-security/2014/09/16/9
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securitytracker.com/id/1030864
- http://www.ubuntu.com/usn/USN-2352-1
- https://bugs.freedesktop.org/show_bug.cgi?id=83622
LOW1.9
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.
CVSS 2.0LOW 1.9
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:PReferences
- http://advisories.mageia.org/MGASA-2014-0395.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
- http://secunia.com/advisories/61378
- http://www.debian.org/security/2014/dsa-3026
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
- http://www.openwall.com/lists/oss-security/2014/09/16/9
- http://www.securitytracker.com/id/1030864
- http://www.ubuntu.com/usn/USN-2352-1
- https://bugs.freedesktop.org/show_bug.cgi?id=82820
- http://advisories.mageia.org/MGASA-2014-0395.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
- http://secunia.com/advisories/61378
- http://www.debian.org/security/2014/dsa-3026
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
- http://www.openwall.com/lists/oss-security/2014/09/16/9
- http://www.securitytracker.com/id/1030864
- http://www.ubuntu.com/usn/USN-2352-1
- https://bugs.freedesktop.org/show_bug.cgi?id=82820
LOW2.1
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:PReferences
- http://advisories.mageia.org/MGASA-2014-0395.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
- http://secunia.com/advisories/61378
- http://www.debian.org/security/2014/dsa-3026
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
- http://www.openwall.com/lists/oss-security/2014/09/16/9
- http://www.openwall.com/lists/oss-security/2019/06/24/13
- http://www.openwall.com/lists/oss-security/2019/06/24/14
- http://www.securitytracker.com/id/1030864
- http://www.ubuntu.com/usn/USN-2352-1
- https://bugs.freedesktop.org/show_bug.cgi?id=80559
- http://advisories.mageia.org/MGASA-2014-0395.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
- http://secunia.com/advisories/61378
- http://www.debian.org/security/2014/dsa-3026
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
- http://www.openwall.com/lists/oss-security/2014/09/16/9
- http://www.openwall.com/lists/oss-security/2019/06/24/13
- http://www.openwall.com/lists/oss-security/2019/06/24/14
- http://www.securitytracker.com/id/1030864
- http://www.ubuntu.com/usn/USN-2352-1
- https://bugs.freedesktop.org/show_bug.cgi?id=80559
LOW2.1
The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:PReferences
- http://advisories.mageia.org/MGASA-2014-0395.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
- http://secunia.com/advisories/61378
- http://secunia.com/advisories/61431
- http://www.debian.org/security/2014/dsa-3026
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
- http://www.openwall.com/lists/oss-security/2014/09/16/9
- http://www.securitytracker.com/id/1030864
- http://www.ubuntu.com/usn/USN-2352-1
- https://bugs.freedesktop.org/show_bug.cgi?id=81053
- http://advisories.mageia.org/MGASA-2014-0395.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
- http://secunia.com/advisories/61378
- http://secunia.com/advisories/61431
- http://www.debian.org/security/2014/dsa-3026
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
- http://www.openwall.com/lists/oss-security/2014/09/16/9
- http://www.securitytracker.com/id/1030864
- http://www.ubuntu.com/usn/USN-2352-1
- https://bugs.freedesktop.org/show_bug.cgi?id=81053
LOW2.1
The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:PReferences
- http://advisories.mageia.org/MGASA-2014-0395.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
- http://secunia.com/advisories/61378
- http://secunia.com/advisories/61431
- http://www.debian.org/security/2014/dsa-3026
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
- http://www.openwall.com/lists/oss-security/2014/09/16/9
- http://www.securitytracker.com/id/1030864
- http://www.ubuntu.com/usn/USN-2352-1
- https://bugs.freedesktop.org/show_bug.cgi?id=80919
- http://advisories.mageia.org/MGASA-2014-0395.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
- http://secunia.com/advisories/61378
- http://secunia.com/advisories/61431
- http://www.debian.org/security/2014/dsa-3026
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
- http://www.openwall.com/lists/oss-security/2014/09/16/9
- http://www.securitytracker.com/id/1030864
- http://www.ubuntu.com/usn/USN-2352-1
- https://bugs.freedesktop.org/show_bug.cgi?id=80919
LOW2.1
D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:PReferences
- http://advisories.mageia.org/MGASA-2014-0457.html
- http://secunia.com/advisories/62603
- http://www.debian.org/security/2014/dsa-3099
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
- http://www.openwall.com/lists/oss-security/2014/11/10/2
- http://www.securityfocus.com/bid/71012
- http://www.ubuntu.com/usn/USN-2425-1
- https://bugs.freedesktop.org/show_bug.cgi?id=85105
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98576
- http://advisories.mageia.org/MGASA-2014-0457.html
- http://secunia.com/advisories/62603
- http://www.debian.org/security/2014/dsa-3099
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
- http://www.openwall.com/lists/oss-security/2014/11/10/2
- http://www.securityfocus.com/bid/71012
- http://www.ubuntu.com/usn/USN-2425-1
- https://bugs.freedesktop.org/show_bug.cgi?id=85105
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98576
LOW1.9
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.
CVSS 2.0LOW 1.9
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:PReferences
- http://advisories.mageia.org/MGASA-2015-0071.html
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html
- http://www.debian.org/security/2015/dsa-3161
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
- http://www.openwall.com/lists/oss-security/2015/02/09/6
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://advisories.mageia.org/MGASA-2015-0071.html
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html
- http://www.debian.org/security/2015/dsa-3161
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
- http://www.openwall.com/lists/oss-security/2015/02/09/6
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html