Vulnerabilities (CVE)

Filtered by vendor Freedesktop Subscribe
Total 132 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-2568 1 Freedesktop 1 Polkit 2021-09-29 4.4 MEDIUM 7.8 HIGH
pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
CVE-2021-33910 3 Debian, Fedoraproject, Freedesktop 3 Debian Linux, Fedora, Systemd 2021-09-21 4.9 MEDIUM 5.5 MEDIUM
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
CVE-2020-13529 3 Fedoraproject, Freedesktop, Netapp 3 Fedora, Systemd, Active Iq Unified Manager 2021-09-08 2.9 LOW 6.1 MEDIUM
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.
CVE-2018-15686 4 Canonical, Debian, Freedesktop and 1 more 4 Ubuntu Linux, Debian Linux, Systemd and 1 more 2021-07-28 7.2 HIGH 7.8 HIGH
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
CVE-2019-9543 1 Freedesktop 1 Poppler 2021-07-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit.
CVE-2019-20386 1 Freedesktop 1 Systemd 2021-07-21 2.1 LOW 2.4 LOW
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.
CVE-2019-7310 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2021-07-21 6.8 MEDIUM 8.8 HIGH
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.
CVE-2019-9545 1 Freedesktop 1 Poppler 2021-07-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.
CVE-2018-16864 5 Canonical, Debian, Freedesktop and 2 more 11 Ubuntu Linux, Debian Linux, Systemd and 8 more 2021-07-20 4.6 MEDIUM 7.8 HIGH
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.
CVE-2019-6454 7 Canonical, Debian, Fedoraproject and 4 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2021-07-20 4.9 MEDIUM 5.5 MEDIUM
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
CVE-2018-16865 5 Canonical, Debian, Freedesktop and 2 more 11 Ubuntu Linux, Debian Linux, Systemd and 8 more 2021-07-20 4.6 MEDIUM 7.8 HIGH
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.
CVE-2017-18078 3 Debian, Freedesktop, Opensuse 3 Debian Linux, Systemd, Leap 2021-06-29 4.6 MEDIUM 7.8 HIGH
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.
CVE-2019-3843 4 Canonical, Fedoraproject, Freedesktop and 1 more 8 Ubuntu Linux, Fedora, Systemd and 5 more 2021-06-29 4.6 MEDIUM 7.8 HIGH
It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.
CVE-2019-3844 4 Canonical, Fedoraproject, Freedesktop and 1 more 8 Ubuntu Linux, Fedora, Systemd and 5 more 2021-06-29 4.6 MEDIUM 7.8 HIGH
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.
CVE-2018-6954 2 Canonical, Freedesktop 2 Ubuntu Linux, Systemd 2021-06-29 7.2 HIGH 7.8 HIGH
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.
CVE-2015-1877 2 Debian, Freedesktop 2 Debian Linux, Xdg-utils 2021-06-14 6.8 MEDIUM 8.8 HIGH
The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file.
CVE-2020-27748 1 Freedesktop 1 Xdg-utils 2021-06-11 4.3 MEDIUM 6.5 MEDIUM
A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird.
CVE-2017-14926 2 Debian, Freedesktop 2 Debian Linux, Poppler 2021-04-06 4.3 MEDIUM 5.5 MEDIUM
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.
CVE-2017-14928 2 Debian, Freedesktop 2 Debian Linux, Poppler 2021-04-06 4.3 MEDIUM 5.5 MEDIUM
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.
CVE-2019-20367 4 Canonical, Debian, Freedesktop and 1 more 4 Ubuntu Linux, Debian Linux, Libbsd and 1 more 2021-04-01 6.4 MEDIUM 9.1 CRITICAL
nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).