CVE-2015-0245 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	1.9 UNKNOWN	LOCAL	MEDIUM		AV:L/AC:M/Au:N/C:N/I:N/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 25%

Affected Products (NVD)

Vendor	Product	Version
freedesktop	dbus	1.4.0
freedesktop	dbus	1.4.1
freedesktop	dbus	1.4.4
freedesktop	dbus	1.4.6
freedesktop	dbus	1.4.8
freedesktop	dbus	1.4.10
freedesktop	dbus	1.4.12
freedesktop	dbus	1.4.14
freedesktop	dbus	1.4.16
freedesktop	dbus	1.4.18
freedesktop	dbus	1.4.20
freedesktop	dbus	1.4.24
freedesktop	dbus	1.4.26
freedesktop	dbus	1.5.0
freedesktop	dbus	1.5.2
freedesktop	dbus	1.5.4
freedesktop	dbus	1.5.6
freedesktop	dbus	1.5.8
freedesktop	dbus	1.5.10
freedesktop	dbus	1.5.12
freedesktop	dbus	1.6.0
freedesktop	dbus	1.6.2
freedesktop	dbus	1.6.4
freedesktop	dbus	1.6.6
freedesktop	dbus	1.6.8
freedesktop	dbus	1.6.10
freedesktop	dbus	1.6.12
freedesktop	dbus	1.6.14
freedesktop	dbus	1.6.16
freedesktop	dbus	1.6.18
freedesktop	dbus	1.6.20
freedesktop	dbus	1.6.22
freedesktop	dbus	1.6.24
freedesktop	dbus	1.6.26
freedesktop	dbus	1.6.28
freedesktop	dbus	1.8.0
freedesktop	dbus	1.8.2
freedesktop	dbus	1.8.4
freedesktop	dbus	1.8.6
freedesktop	dbus	1.8.8
freedesktop	dbus	1.8.10
freedesktop	dbus	1.8.12
freedesktop	dbus	1.8.14
freedesktop	dbus	1.9.0
freedesktop	dbus	1.9.2
freedesktop	dbus	1.9.4
freedesktop	dbus	1.9.6
freedesktop	dbus	1.9.8
opensuse	opensuse	13.1
opensuse	opensuse	13.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

dbus

bookworm	1.14.10-1~deb12u1 fixed
bullseye	1.12.28-0+deb11u1 fixed
bullseye (security)	1.12.24-0+deb11u1 fixed
sid	1.14.10-6 fixed
squeeze	not-affected
trixie	1.14.10-6 fixed

Ubuntu Releases

Ubuntu Product

Codename

dbus

lucid	not-affected
precise	Fixed 1.4.18-1ubuntu1.8 released
trusty	Fixed 1.6.18-0ubuntu4.4 released
utopic	ignored
vivid	ignored
wily	not-affected
xenial	not-affected
yakkety	not-affected
zesty	not-affected

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

http://advisories.mageia.org/MGASA-2015-0071.html

http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html

http://www.debian.org/security/2015/dsa-3161

http://www.mandriva.com/security/advisories?name=MDVSA-2015:176

http://www.openwall.com/lists/oss-security/2015/02/09/6

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://advisories.mageia.org/MGASA-2015-0071.html

http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html

http://www.debian.org/security/2015/dsa-3161

http://www.mandriva.com/security/advisories?name=MDVSA-2015:176

http://www.openwall.com/lists/oss-security/2015/02/09/6

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html