Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
freedesktop vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2022-27337
A logic error in the Hints::Hints function of Poppler v22.03.0 allows malicious users to cause a Denial of Service (DoS) via a crafted PDF file.
Freedesktop Poppler 22.03.0
Fedoraproject Fedora 36
Debian Debian Linux 10.0
Debian Debian Linux 11.0
607
VMScore
CVE-2021-30860
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a ...
Apple Mac Os X
Apple Mac Os X 10.15.7
Apple Ipados
Apple Watchos
Apple Macos
Apple Iphone Os
Xpdfreader Xpdf
Freedesktop Poppler
5 Github repositories
5 Articles
605
VMScore
CVE-2015-1877
The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote malicious users to execute arbitrary commands via a crafted file.
Freedesktop Xdg-utils 1.1.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
383
VMScore
CVE-2020-27748
A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attache...
Freedesktop Xdg-utils
641
VMScore
CVE-2020-35512
A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D...
Freedesktop Dbus 1.12.20
668
VMScore
CVE-2021-3185
A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution.
Freedesktop Gst-plugins-bad
605
VMScore
CVE-2020-35702
DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT ...
Freedesktop Poppler 20.12.1
445
VMScore
CVE-2020-27778
A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.
Freedesktop Poppler
Redhat Enterprise Linux 8.0
Debian Debian Linux 10.0
187
VMScore
CVE-2020-16126
An Ubuntu-specific modification to AccountsService in versions prior to 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.
Freedesktop Accountsservice
1 Github repository
187
VMScore
CVE-2020-16127
An Ubuntu-specific modification to AccountsService in versions prior to 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.
Freedesktop Accountsservice
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »