Vulnerabilities > Freedesktop
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-02 | CVE-2015-1877 | Command Injection vulnerability in multiple products The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file. | 6.8 |
| 2021-06-01 | CVE-2020-27748 | Information Exposure Through Sent Data vulnerability in Freedesktop Xdg-Utils A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. | 4.3 |
| 2021-02-15 | CVE-2020-35512 | Use After Free vulnerability in Freedesktop Dbus 1.12.20 A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. | 7.8 |
| 2021-01-26 | CVE-2021-3185 | Out-of-bounds Write vulnerability in Freedesktop Gst-Plugins-Bad A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution. | 9.8 |
| 2020-12-25 | CVE-2020-35702 | Out-of-bounds Write vulnerability in Freedesktop Poppler 20.12.1 DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. | 7.8 |
| 2020-12-03 | CVE-2020-27778 | Access of Uninitialized Pointer vulnerability in multiple products A flaw was found in Poppler in the way certain PDF files were converted into HTML. | 7.5 |
| 2020-11-11 | CVE-2020-16127 | Infinite Loop vulnerability in Freedesktop Accountsservice An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location. | 2.1 |
| 2020-11-11 | CVE-2020-16126 | Unspecified vulnerability in Freedesktop Accountsservice An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion. | 2.1 |
| 2020-06-08 | CVE-2020-12049 | Improper Resource Shutdown or Release vulnerability in multiple products An issue was discovered in dbus >= 1.3.0 before 1.12.18. | 5.5 |
| 2020-01-09 | CVE-2012-2142 | Security vulnerability in Poppler and xpdf The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | 6.8 |