Filtered by vendor Freedesktop
Subscribe
Total
131 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-4472 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 3.3 LOW | N/A |
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | |||||
CVE-2014-7824 | 4 Canonical, Debian, Freedesktop and 1 more | 4 Ubuntu Linux, Debian Linux, Dbus and 1 more | 2024-02-04 | 2.1 LOW | N/A |
D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1. | |||||
CVE-2014-3477 | 2 D-bus Project, Freedesktop | 2 D-bus, Dbus | 2024-02-04 | 2.1 LOW | N/A |
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service. | |||||
CVE-2014-0004 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Udisks | 2024-02-04 | 6.9 MEDIUM | N/A |
Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point. | |||||
CVE-2015-0245 | 2 Freedesktop, Opensuse | 2 Dbus, Opensuse | 2024-02-04 | 1.9 LOW | N/A |
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds. | |||||
CVE-2010-5110 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 4.3 MEDIUM | N/A |
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file. | |||||
CVE-2013-1790 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 6.8 MEDIUM | N/A |
poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function. | |||||
CVE-2012-3524 | 1 Freedesktop | 1 Libdbus | 2024-02-04 | 6.9 MEDIUM | N/A |
libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus." | |||||
CVE-2013-0292 | 1 Freedesktop | 1 Dbus-glib | 2024-02-04 | 7.2 HIGH | N/A |
The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal. | |||||
CVE-2013-1789 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 4.3 MEDIUM | N/A |
splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions. | |||||
CVE-2012-4425 | 2 Freedesktop, Gtk | 2 Spice-gtk, Libgio | 2024-02-04 | 6.9 MEDIUM | N/A |
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself. | |||||
CVE-2013-4473 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2024-02-04 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename. | |||||
CVE-2013-4474 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2024-02-04 | 5.0 MEDIUM | N/A |
Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename. | |||||
CVE-2013-1788 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 6.8 MEDIUM | N/A |
poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc. | |||||
CVE-2013-2168 | 2 Freedesktop, Opensuse | 2 Dbus, Opensuse | 2024-02-04 | 1.9 LOW | N/A |
The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message. | |||||
CVE-2010-0750 | 1 Freedesktop | 1 Policykit | 2024-02-04 | 2.1 LOW | N/A |
pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument. | |||||
CVE-2011-2533 | 1 Freedesktop | 1 Dbus | 2024-02-04 | 3.3 LOW | N/A |
The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. | |||||
CVE-2011-4349 | 1 Freedesktop | 1 Colord | 2024-02-04 | 4.6 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id. | |||||
CVE-2010-3702 | 9 Apple, Canonical, Debian and 6 more | 11 Cups, Ubuntu Linux, Debian Linux and 8 more | 2024-02-04 | 7.5 HIGH | N/A |
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. | |||||
CVE-2010-1149 | 1 Freedesktop | 1 Udisks | 2024-02-04 | 2.1 LOW | N/A |
probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a certain file under /dev/.udev/db/. |