Vulnerabilities > Freedesktop
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-25 | CVE-2020-35702 | Out-Of-Bounds Write vulnerability in Freedesktop Poppler 20.12.1 ** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. | 6.8 |
| 2020-12-03 | CVE-2020-27778 | Access of Uninitialized Pointer vulnerability in multiple products A flaw was found in Poppler in the way certain PDF files were converted into HTML. | 5.0 |
| 2020-11-11 | CVE-2020-16127 | Infinite Loop vulnerability in Freedesktop Accountsservice An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location. | 2.1 |
| 2020-11-11 | CVE-2020-16126 | Unspecified vulnerability in Freedesktop Accountsservice An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion. | 2.1 |
| 2020-11-07 | CVE-2020-16122 | Improper Privilege Management vulnerability in multiple products PackageKit's apt backend mistakenly treated all local debs as trusted. | 2.1 |
| 2020-06-08 | CVE-2020-12049 | Improper Resource Shutdown OR Release vulnerability in Freedesktop Dbus An issue was discovered in dbus >= 1.3.0 before 1.12.18. | 4.9 |
| 2020-06-03 | CVE-2020-13776 | Improper Input Validation vulnerability in multiple products systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. | 6.2 |
| 2020-03-31 | CVE-2020-1712 | USE After Free vulnerability in multiple products A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. | 4.6 |
| 2020-03-11 | CVE-2012-1101 | Unspecified vulnerability in Freedesktop Systemd 37 systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure). | 2.1 |
| 2020-01-21 | CVE-2019-20386 | Missing Release of Resource After Effective Lifetime vulnerability in Freedesktop Systemd An issue was discovered in button_open in login/logind-button.c in systemd before 243. | 2.1 |