Vulnerabilities > Freedesktop
|2021-07-20||CVE-2021-33910|| Allocation of Resources Without Limits or Throttling vulnerability in multiple products |
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
| 4.9 |
|2021-06-02||CVE-2015-1877|| Command Injection vulnerability in multiple products |
The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file.
| 6.8 |
|2021-06-01||CVE-2020-27748|| Information Exposure Through Sent Data vulnerability in Freedesktop Xdg-Utils |
A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer.
| 4.3 |
|2021-05-10||CVE-2020-13529|| Authentication Bypass by Spoofing vulnerability in multiple products |
An exploitable denial-of-service vulnerability exists in Systemd 245.
| 2.9 |
|2021-01-26||CVE-2021-3185|| Stack-based Buffer Overflow vulnerability in Freedesktop Gst-Plugins-Bad |
A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution.
| 7.5 |
|2020-12-25||CVE-2020-35702|| Out-of-bounds Write vulnerability in Freedesktop Poppler 20.12.1 |
** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document.
| 6.8 |
|2020-12-03||CVE-2020-27778|| Access of Uninitialized Pointer vulnerability in multiple products |
A flaw was found in Poppler in the way certain PDF files were converted into HTML.
| 5.0 |
|2020-11-11||CVE-2020-16127|| Infinite Loop vulnerability in Freedesktop Accountsservice |
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.
| 2.1 |
|2020-11-11||CVE-2020-16126|| Unspecified vulnerability in Freedesktop Accountsservice |
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.
| 2.1 |
|2020-06-08||CVE-2020-12049|| Improper Resource Shutdown or Release vulnerability in multiple products |
An issue was discovered in dbus >= 1.3.0 before 1.12.18.
| 4.9 |