Vulnerabilities > Freedesktop
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-20 | CVE-2021-33910 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. | 4.9 |
| 2021-06-02 | CVE-2015-1877 | Command Injection vulnerability in multiple products The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file. | 6.8 |
| 2021-06-01 | CVE-2020-27748 | Information Exposure Through Sent Data vulnerability in Freedesktop Xdg-Utils A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. | 4.3 |
| 2021-05-10 | CVE-2020-13529 | Authentication Bypass by Spoofing vulnerability in multiple products An exploitable denial-of-service vulnerability exists in Systemd 245. | 2.9 |
| 2021-01-26 | CVE-2021-3185 | Stack-based Buffer Overflow vulnerability in Freedesktop Gst-Plugins-Bad A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution. | 7.5 |
| 2020-12-25 | CVE-2020-35702 | Out-of-bounds Write vulnerability in Freedesktop Poppler 20.12.1 ** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. | 6.8 |
| 2020-12-03 | CVE-2020-27778 | Access of Uninitialized Pointer vulnerability in multiple products A flaw was found in Poppler in the way certain PDF files were converted into HTML. | 5.0 |
| 2020-11-11 | CVE-2020-16127 | Infinite Loop vulnerability in Freedesktop Accountsservice An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location. | 2.1 |
| 2020-11-11 | CVE-2020-16126 | Unspecified vulnerability in Freedesktop Accountsservice An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion. | 2.1 |
| 2020-06-08 | CVE-2020-12049 | Improper Resource Shutdown or Release vulnerability in multiple products An issue was discovered in dbus >= 1.3.0 before 1.12.18. | 4.9 |