GCVE - cpe:2.3:a:freedesktop:dbus:1.4.8:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:freedesktop:dbus:1.4.8:*:*:*:*:*:*:*

part: a version: 1.4.8 update: *

Vendor	Freedesktop (`2c544e5d-e68e-5b35-a616-dc08f0ba697e`)
Product	Dbus (`7e992f2d-f5d6-5884-a5a2-9325da73d4f4`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/dbus`	purl2cpe	2026-06-01 10:14:03.871596
`pkg:deb/ubuntu/dbus`	purl2cpe	2026-06-01 10:14:03.871597
`pkg:github/freedesktop/dbus`	purl2cpe	2026-06-01 10:14:03.871598
`pkg:gitlab/redhat/dbus`	purl2cpe	2026-06-01 10:14:03.871600
`pkg:rpm/centos/dbus`	purl2cpe	2026-06-01 10:14:03.871601
`pkg:rpm/fedora/dbus`	purl2cpe	2026-06-01 10:14:03.871602
`pkg:rpm/opensuse/dbus`	purl2cpe	2026-06-01 10:14:03.871604

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2015-0245`	vulnerable	2026-06-03 14:34:29.346128	Details available D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds. Published: 2015-02-13T15:00:00.000Z Updated: 2024-08-06T04:03:10.538Z Open on db.gcve.eu Reference links http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html http://www.debian.org/security/2015/dsa-3161 http://www.openwall.com/lists/oss-security/2015/02/09/6 http://advisories.mageia.org/MGASA-2015-0071.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3637`	vulnerable	2026-06-03 14:34:00.397740	Details available D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor. Published: 2014-09-22T15:00:00.000Z Updated: 2024-08-06T10:50:18.287Z Open on db.gcve.eu Reference links http://www.ubuntu.com/usn/USN-2352-1 https://bugs.freedesktop.org/show_bug.cgi?id=80559 http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html http://secunia.com/advisories/61378 http://www.openwall.com/lists/oss-security/2014/09/16/9	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3533`	vulnerable	2026-06-03 14:33:55.136441	Details available dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor. Published: 2014-07-19T19:00:00.000Z Updated: 2024-08-06T10:50:16.803Z Open on db.gcve.eu Reference links http://secunia.com/advisories/59798 http://secunia.com/advisories/59611 http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html http://secunia.com/advisories/60236 https://bugs.freedesktop.org/show_bug.cgi?id=80469	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3477`	vulnerable	2026-06-03 14:33:54.654038	Details available The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service. Published: 2014-07-01T17:00:00.000Z Updated: 2025-01-16T20:11:35.974Z Open on db.gcve.eu Reference links http://secunia.com/advisories/59798 http://secunia.com/advisories/59611 http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html http://www.securityfocus.com/bid/67986 http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-2168`	vulnerable	2026-06-03 14:32:54.139502	Details available The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message. Published: 2013-07-03T18:00:00.000Z Updated: 2024-08-06T15:27:41.099Z Open on db.gcve.eu Reference links http://www.debian.org/security/2013/dsa-2707 http://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:177 http://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2200`	vulnerable	2026-06-03 14:31:06.241496	Details available The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages. Published: 2011-06-22T22:00:00.000Z Updated: 2024-08-06T22:53:17.198Z Open on db.gcve.eu Reference links http://openwall.com/lists/oss-security/2011/06/13/12 http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=6519a1f77c61d753d4c97efd6e15630eb275336e http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4 http://lists.freedesktop.org/archives/dbus/2011-May/014408.html http://www.redhat.com/support/errata/RHSA-2011-1132.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.