Known Vulnerabilities for products from Freedesktop
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Freedesktop".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-33910 | basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (i... | 5.5 - MEDIUM | 2021-07-20 | 2023-11-07 |
| CVE-2021-30860 | An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, i... | 7.8 - HIGH | 2021-08-24 | 2024-02-02 |
| CVE-2021-3185 | A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attac... | 9.8 - CRITICAL | 2021-01-26 | 2023-11-07 |
| CVE-2020-36024 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.5 - MEDIUM | 2023-08-11 | 2023-08-17 |
| CVE-2020-36023 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2023-08-11 | 2023-09-27 |
| CVE-2020-35702 | ** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF docu... | 7.8 - HIGH | 2020-12-25 | 2023-11-07 |
| CVE-2020-35512 | A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x... | 7.8 - HIGH | 2021-02-15 | 2023-12-27 |
| CVE-2020-27778 | A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw ... | 7.5 - HIGH | 2020-12-03 | 2022-09-28 |
| CVE-2020-27748 | A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows at... | 6.5 - MEDIUM | 2021-06-01 | 2021-06-11 |
| CVE-2020-23804 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-08-22 | 2023-12-08 |
| CVE-2020-18839 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2023-08-22 | 2023-08-25 |
| CVE-2020-16127 | An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would... | 5.5 - MEDIUM | 2020-11-11 | 2020-11-24 |
| CVE-2020-16126 | An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, impro... | 3.3 - LOW | 2020-11-11 | 2020-11-24 |
| CVE-2020-16122 | PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust an... | 7.8 - HIGH | 2020-11-07 | 2022-10-21 |
| CVE-2020-13776 | systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as ... | 6.7 - MEDIUM | 2020-06-03 | 2023-11-07 |
| CVE-2020-13529 | An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a ... | 6.1 - MEDIUM | 2021-05-10 | 2023-11-07 |
| CVE-2020-12049 | An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descri... | 5.5 - MEDIUM | 2020-06-08 | 2023-06-12 |
| CVE-2020-1712 | A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are perfo... | 7.8 - HIGH | 2020-03-31 | 2023-11-07 |
| CVE-2019-20386 | An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger com... | 2.4 - LOW | 2020-01-21 | 2023-11-07 |
| CVE-2019-20367 | nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab... | 9.1 - CRITICAL | 2020-01-08 | 2023-11-07 |
Known software with vulnerabilities from Freedesktop
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Freedesktop | Accountsservice | 0.2 |
| Application | Freedesktop | Dbus | 1.3.0 |
| Application | Freedesktop | Dbus-glib | 0.72 |
| Application | Freedesktop | Gst-plugins-bad | 0.9.1 |
| Application | Freedesktop | Libbsd | 0.0 |
| Application | Freedesktop | Libdbus | 1.5.0 |
| Application | Freedesktop | Libice | 1.0.1 |
| Application | Freedesktop | Libmbim | 0.0.1 |
| Application | Freedesktop | Poppler | - |
| Application | Freedesktop | Systemd | 001 |
| Application | Freedesktop | Udisks | 1.0 |
| Application | Freedesktop | Xdg-user-dirs | 0.0.4 |
| Application | Freedesktop | Xdg-utils | 1.0 |