Filtered by vendor Freedesktop
Subscriptions
Total
135 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-3533 | 4 Debian, Freedesktop, Mageia Project and 1 more | 4 Debian Linux, Dbus, Mageia and 1 more | 2024-11-21 | N/A |
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor. | ||||
CVE-2014-3532 | 6 Debian, Freedesktop, Linux and 3 more | 6 Debian Linux, Dbus, Linux Kernel and 3 more | 2024-11-21 | N/A |
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded. | ||||
CVE-2014-3477 | 2 D-bus Project, Freedesktop | 2 D-bus, Dbus | 2024-11-21 | N/A |
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service. | ||||
CVE-2014-0004 | 3 Canonical, Freedesktop, Redhat | 3 Ubuntu Linux, Udisks, Enterprise Linux | 2024-11-21 | N/A |
Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point. | ||||
CVE-2013-7296 | 1 Freedesktop | 1 Poppler | 2024-11-21 | N/A |
The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file. | ||||
CVE-2013-4474 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2024-11-21 | N/A |
Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename. | ||||
CVE-2013-4473 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2024-11-21 | N/A |
Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename. | ||||
CVE-2013-4472 | 1 Freedesktop | 1 Poppler | 2024-11-21 | N/A |
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | ||||
CVE-2013-2168 | 2 Freedesktop, Opensuse | 2 Dbus, Opensuse | 2024-11-21 | N/A |
The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message. | ||||
CVE-2013-1790 | 1 Freedesktop | 1 Poppler | 2024-11-21 | N/A |
poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function. | ||||
CVE-2013-1789 | 1 Freedesktop | 1 Poppler | 2024-11-21 | N/A |
splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions. | ||||
CVE-2013-1788 | 1 Freedesktop | 1 Poppler | 2024-11-21 | N/A |
poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc. | ||||
CVE-2013-0292 | 2 Freedesktop, Redhat | 2 Dbus-glib, Enterprise Linux | 2024-11-21 | N/A |
The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal. | ||||
CVE-2012-4425 | 3 Freedesktop, Gtk, Redhat | 3 Spice-gtk, Libgio, Enterprise Linux | 2024-11-21 | N/A |
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself. | ||||
CVE-2012-3524 | 2 Freedesktop, Redhat | 2 Libdbus, Enterprise Linux | 2024-11-21 | N/A |
libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus." | ||||
CVE-2012-2142 | 4 Freedesktop, Opensuse, Redhat and 1 more | 4 Poppler, Opensuse, Enterprise Linux and 1 more | 2024-11-21 | 7.8 High |
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | ||||
CVE-2011-4349 | 1 Freedesktop | 1 Colord | 2024-11-21 | N/A |
Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id. | ||||
CVE-2011-2533 | 1 Freedesktop | 1 Dbus | 2024-11-21 | N/A |
The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. | ||||
CVE-2011-2200 | 3 D-bus Project, Freedesktop, Redhat | 3 D-bus, Dbus, Enterprise Linux | 2024-11-21 | N/A |
The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages. | ||||
CVE-2011-1000 | 1 Freedesktop | 1 Telepathy Gabble | 2024-11-21 | N/A |
jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media. |