Vulnerabilities > Freedesktop
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-04-06 | CVE-2010-0750 | Information Exposure vulnerability in Freedesktop Policykit 0.96 pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument. | 2.1 |
2009-01-07 | CVE-2009-0068 | Code Injection vulnerability in Freedesktop Xdg-Utils 1.0 Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file. | 6.8 |
2008-12-10 | CVE-2008-4311 | Configuration vulnerability in Freedesktop Dbus The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply. | 4.6 |
2008-11-06 | CVE-2008-4984 | Link Following vulnerability in Freedesktop Scratchbox2 1.99.0.24 scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/dpkg.#####.tmp, (b) /tmp/missing_deps.#####, and (c) /tmp/sb2-pkg-chk.$tstamp.##### temporary files, related to the (1) dpkg-checkbuilddeps and (2) sb2-check-pkg-mappings scripts. | 6.9 |
2008-10-07 | CVE-2008-3834 | Improper Input Validation vulnerability in Freedesktop Dbus, Dbus1.0 and Dbus1.1.0 The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error. | 2.1 |