GCVE - cpe:2.3:a:freedesktop:dbus:1.8.6:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:freedesktop:dbus:1.8.6:*:*:*:*:*:*:*

part: a version: 1.8.6 update: *

Vendor	Freedesktop (`2c544e5d-e68e-5b35-a616-dc08f0ba697e`)
Product	Dbus (`7e992f2d-f5d6-5884-a5a2-9325da73d4f4`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/dbus`	purl2cpe	2026-06-01 10:14:03.872000
`pkg:deb/ubuntu/dbus`	purl2cpe	2026-06-01 10:14:03.872001
`pkg:github/freedesktop/dbus`	purl2cpe	2026-06-01 10:14:03.872002
`pkg:gitlab/redhat/dbus`	purl2cpe	2026-06-01 10:14:03.872004
`pkg:rpm/centos/dbus`	purl2cpe	2026-06-01 10:14:03.872005
`pkg:rpm/fedora/dbus`	purl2cpe	2026-06-01 10:14:03.872006
`pkg:rpm/opensuse/dbus`	purl2cpe	2026-06-01 10:14:03.872008

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2015-0245`	vulnerable	2026-06-03 14:34:29.363204	Details available D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds. Published: 2015-02-13T15:00:00.000Z Updated: 2024-08-06T04:03:10.538Z Open on db.gcve.eu Reference links http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html http://www.debian.org/security/2015/dsa-3161 http://www.openwall.com/lists/oss-security/2015/02/09/6 http://advisories.mageia.org/MGASA-2015-0071.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-7824`	vulnerable	2026-06-03 14:34:16.339837	Details available D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1. Published: 2014-11-18T15:00:00.000Z Updated: 2024-08-06T13:03:27.015Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2014/11/10/2 http://secunia.com/advisories/62603 http://advisories.mageia.org/MGASA-2014-0457.html https://bugs.freedesktop.org/show_bug.cgi?id=85105 https://exchange.xforce.ibmcloud.com/vulnerabilities/98576	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3639`	vulnerable	2026-06-03 14:34:00.409032	Details available The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections. Published: 2014-09-22T15:00:00.000Z Updated: 2024-08-06T10:50:18.243Z Open on db.gcve.eu Reference links http://www.ubuntu.com/usn/USN-2352-1 http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html http://secunia.com/advisories/61378 http://www.openwall.com/lists/oss-security/2014/09/16/9	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3638`	vulnerable	2026-06-03 14:34:00.408274	Details available The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls. Published: 2014-09-22T15:00:00.000Z Updated: 2024-08-06T10:50:17.924Z Open on db.gcve.eu Reference links http://www.ubuntu.com/usn/USN-2352-1 http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html http://secunia.com/advisories/61378 http://www.openwall.com/lists/oss-security/2014/09/16/9	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3637`	vulnerable	2026-06-03 14:34:00.407455	Details available D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor. Published: 2014-09-22T15:00:00.000Z Updated: 2024-08-06T10:50:18.287Z Open on db.gcve.eu Reference links http://www.ubuntu.com/usn/USN-2352-1 https://bugs.freedesktop.org/show_bug.cgi?id=80559 http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html http://secunia.com/advisories/61378 http://www.openwall.com/lists/oss-security/2014/09/16/9	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3636`	vulnerable	2026-06-03 14:34:00.392806	Details available D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call. Published: 2014-10-25T20:00:00.000Z Updated: 2024-10-17T18:03:39.167Z Open on db.gcve.eu Reference links http://www.ubuntu.com/usn/USN-2352-1 http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html http://secunia.com/advisories/61378 http://www.openwall.com/lists/oss-security/2014/09/16/9 http://www.securitytracker.com/id/1030864	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3635`	vulnerable	2026-06-03 14:34:00.391613	Details available Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure. Published: 2014-09-22T15:00:00.000Z Updated: 2024-08-06T10:50:18.235Z Open on db.gcve.eu Reference links http://www.ubuntu.com/usn/USN-2352-1 http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html https://bugs.freedesktop.org/show_bug.cgi?id=83622 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://secunia.com/advisories/61378	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.