Vulnerabilities > Freedesktop

DATE CVE VULNERABILITY TITLE RISK
2020-12-25 CVE-2020-35702 Out-Of-Bounds Write vulnerability in Freedesktop Poppler 20.12.1
** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document.
6.8
2020-12-03 CVE-2020-27778 Access of Uninitialized Pointer vulnerability in multiple products
A flaw was found in Poppler in the way certain PDF files were converted into HTML.
network
low complexity
freedesktop redhat CWE-824
5.0
2020-11-11 CVE-2020-16127 Infinite Loop vulnerability in Freedesktop Accountsservice
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.
local
low complexity
freedesktop CWE-835
2.1
2020-11-11 CVE-2020-16126 Unspecified vulnerability in Freedesktop Accountsservice
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.
local
low complexity
freedesktop
2.1
2020-11-07 CVE-2020-16122 Improper Privilege Management vulnerability in multiple products
PackageKit's apt backend mistakenly treated all local debs as trusted.
local
low complexity
freedesktop canonical CWE-269
2.1
2020-06-08 CVE-2020-12049 Improper Resource Shutdown OR Release vulnerability in Freedesktop Dbus
An issue was discovered in dbus >= 1.3.0 before 1.12.18.
local
low complexity
freedesktop CWE-404
4.9
2020-06-03 CVE-2020-13776 Improper Input Validation vulnerability in multiple products
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended.
local
high complexity
freedesktop netapp CWE-20
6.2
2020-03-31 CVE-2020-1712 USE After Free vulnerability in multiple products
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages.
local
low complexity
freedesktop redhat CWE-416
4.6
2020-03-11 CVE-2012-1101 Unspecified vulnerability in Freedesktop Systemd 37
systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).
local
low complexity
freedesktop
2.1
2020-01-21 CVE-2019-20386 Missing Release of Resource After Effective Lifetime vulnerability in Freedesktop Systemd
An issue was discovered in button_open in login/logind-button.c in systemd before 243.
local
low complexity
freedesktop CWE-772
2.1