Vulnerabilities > Freedesktop

DATE CVE VULNERABILITY TITLE RISK
2021-07-20 CVE-2021-33910 Allocation of Resources Without Limits OR Throttling vulnerability in multiple products
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
local
low complexity
freedesktop fedoraproject debian CWE-770
4.9
2021-06-02 CVE-2015-1877 Command Injection vulnerability in multiple products
The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file.
6.8
2021-06-01 CVE-2020-27748 Information Exposure Through Sent Data vulnerability in Freedesktop Xdg-Utils
A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer.
4.3
2021-05-10 CVE-2020-13529 Authentication Bypass BY Spoofing vulnerability in Freedesktop Systemd 245
An exploitable denial-of-service vulnerability exists in Systemd 245.
2.9
2021-01-26 CVE-2021-3185 Stack-Based Buffer Overflow vulnerability in Freedesktop Gst-Plugins-Bad
A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution.
network
low complexity
freedesktop CWE-121
7.5
2020-12-25 CVE-2020-35702 Out-Of-Bounds Write vulnerability in Freedesktop Poppler 20.12.1
** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document.
6.8
2020-12-03 CVE-2020-27778 Access of Uninitialized Pointer vulnerability in multiple products
A flaw was found in Poppler in the way certain PDF files were converted into HTML.
network
low complexity
freedesktop redhat CWE-824
5.0
2020-11-11 CVE-2020-16127 Infinite Loop vulnerability in Freedesktop Accountsservice
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.
local
low complexity
freedesktop CWE-835
2.1
2020-11-11 CVE-2020-16126 Unspecified vulnerability in Freedesktop Accountsservice
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.
local
low complexity
freedesktop
2.1
2020-06-08 CVE-2020-12049 Improper Resource Shutdown OR Release vulnerability in multiple products
An issue was discovered in dbus >= 1.3.0 before 1.12.18.
local
low complexity
freedesktop canonical CWE-404
4.9