Vulnerabilities (CVE)

Filtered by vendor Freedesktop
Total 134 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-0750 1 Freedesktop 1 Policykit 2023-12-10 2.1 LOW N/A
pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument.
CVE-2010-1149 1 Freedesktop 1 Udisks 2023-12-10 2.1 LOW N/A
probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a certain file under /dev/.udev/db/.
CVE-2011-4349 1 Freedesktop 1 Colord 2023-12-10 4.6 MEDIUM N/A
Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.
CVE-2011-1000 1 Freedesktop 1 Telepathy Gabble 2023-12-10 6.4 MEDIUM N/A
jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media.
CVE-2010-3702 9 Apple, Canonical, Debian and 6 more 11 Cups, Ubuntu Linux, Debian Linux and 8 more 2023-12-10 7.5 HIGH N/A
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
CVE-2010-1172 1 Freedesktop 1 Dbus-glib 2023-12-10 3.6 LOW N/A
DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services.
CVE-2011-2533 1 Freedesktop 1 Dbus 2023-12-10 3.3 LOW N/A
The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.
CVE-2008-4311 1 Freedesktop 1 Dbus 2023-12-10 4.6 MEDIUM N/A
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.
CVE-2008-1658 1 Freedesktop 1 Policykit 2023-12-10 4.6 MEDIUM N/A
Format string vulnerability in the grant helper (polkit-grant-helper.c) in PolicyKit 0.7 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password.
CVE-2008-4984 1 Freedesktop 1 Scratchbox2 2023-12-10 6.9 MEDIUM N/A
scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/dpkg.#####.tmp, (b) /tmp/missing_deps.#####, and (c) /tmp/sb2-pkg-chk.$tstamp.##### temporary files, related to the (1) dpkg-checkbuilddeps and (2) sb2-check-pkg-mappings scripts.
CVE-2009-0068 2 Freedesktop, Mozilla 2 Xdg-utils, Firefox 2023-12-10 6.8 MEDIUM N/A
Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file.
CVE-2009-1189 1 Freedesktop 1 Dbus 2023-12-10 3.6 LOW N/A
The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.
CVE-2008-3834 1 Freedesktop 3 Dbus, Dbus1.0, Dbus1.1.0 2023-12-10 2.1 LOW N/A
The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.
CVE-2007-3387 6 Apple, Canonical, Debian and 3 more 6 Cups, Ubuntu Linux, Debian Linux and 3 more 2023-12-10 6.8 MEDIUM N/A
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.