Vulnerabilities > Freedesktop > Low

DATE CVE VULNERABILITY TITLE RISK
2020-11-11 CVE-2020-16126 Unspecified vulnerability in Freedesktop Accountsservice
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountsService, thus stopping it from handling D-Bus messages in a timely fashion.
local
low complexity
freedesktop
2.1
2020-11-11 CVE-2020-16127 Infinite Loop vulnerability in Freedesktop Accountsservice
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.
local
low complexity
freedesktop CWE-835
2.1
2017-03-10 CVE-2017-6355 Integer Overflow or Wraparound vulnerability in Freedesktop Virglrenderer
Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length and offlen values, which trigger an out-of-bounds access.
local
low complexity
freedesktop CWE-190
2.1
2014-04-22 CVE-2013-4472 Link Following vulnerability in Freedesktop Poppler
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
3.3
2011-06-22 CVE-2011-2533 Link Following vulnerability in Freedesktop Dbus
The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.
3.3
2010-08-20 CVE-2010-1172 Permissions, Privileges, and Access Controls vulnerability in Freedesktop Dbus-Glib 0.73
DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services.
local
low complexity
freedesktop CWE-264
3.6
2010-04-12 CVE-2010-1149 Information Exposure vulnerability in Freedesktop Udisks 1.0
probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a certain file under /dev/.udev/db/.
local
low complexity
freedesktop CWE-200
2.1
2010-04-06 CVE-2010-0750 Information Exposure vulnerability in Freedesktop Policykit 0.96
pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument.
local
low complexity
freedesktop CWE-200
2.1
2008-10-07 CVE-2008-3834 Improper Input Validation vulnerability in Freedesktop Dbus, Dbus1.0 and Dbus1.1.0
The dbus_signature_validate function in the D-Bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.
local
low complexity
freedesktop CWE-20
2.1