exploitDog

CVE-2019-14822

Published: 25 Nov 2019
Source: debian
EPSS: Low

Description

A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.

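Packages

| Package | Status | Fixed version | Release | Type |
|---------|---------|---------------|---------|---------|
| ibus | fixed | 1.5.21-1 | | package |
| ibus | ignored | | jessie | package |

Notes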

  • https://www.openwall.com/lists/oss-security/2019/09/13/1

  • Fixed by: https://github.com/ibus/ibus/commit/3d442dbf936d197aa11ca0a71663c2bc61696151

  • The original fix introduces regression with Qt applications (the fix uncovered an interoperability bug between GLib's implementation of D-Bus and the reference implementation libdbus):

  • https://bugs.debian.org/941018

  • https://launchpad.net/bugs/1844853

  • https://github.com/ibus/ibus/issues/2137

EPSS

Percentile: 48%
0.00246
Low

Related vulnerabilities

CVSS3: 7.1
ubuntu
almost 6 years ago


CVSS3: 6.1
redhat
about 6 years ago


CVSS3: 7.1
nvd
almost 6 years ago


suse-cvrf
almost 6 years ago

Security update for ibus

suse-cvrf
almost 6 years ago

Security update for ibus
