CVE-2009-1189
- EPSS 1.11%
- Veröffentlicht 27.04.2009 18:00:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to a...
CVE-2008-4311
- EPSS 0.04%
- Veröffentlicht 10.12.2008 00:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and po...
CVE-2008-3834
- EPSS 1.64%
- Veröffentlicht 07.10.2008 21:01:52
- Zuletzt bearbeitet 09.04.2025 00:30:58
The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.
CVE-2008-0595
- EPSS 0.06%
- Veröffentlicht 29.02.2008 19:44:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a m...