Mate Desktop

mate-desktop

5 CVEs • 4 products

Products (4)

Click to collapse

Toggle

Mate Settings Daemon

mate-settings-daemon

Mate Screensaver

mate-screensaver

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-52138 1Mate Desktop 1Engrampa Feb 13, 2025 Feb 5, 2024 N/A· v4 9.6 CRITICAL· v3 N/A· v2 Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While hand...Show more Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by default will follow stored symlinks while extracting and the Archiver will not check the symlink location, which leads to arbitrary file writes to unintended locations. When the victim extracts the archive, the attacker can craft a malicious cpio or ISO archive to achieve RCE on the target system. This vulnerability was fixed in commit 63d5dfa.Show less
CVE-2023-52076 1Mate Desktop 1Atril Nov 21, 2024 Jan 25, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is c...Show more Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn't stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability.Show less
CVE-2023-51698 1Mate Desktop 1Atril Apr 10, 2025 Jan 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a cr...Show more Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.Show less
CVE-2018-20681 1Mate Desktop 1Mate Screensaver Nov 21, 2024 Jan 9, 2019 N/A· v4 6.1 MEDIUM· v3 3.6 LOW· v2 mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cycling external output de...Show more mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cycling external output devices (such as additionally attached graphical outputs via HDMI, VGA, DVI, etc.) the content of a screensaver-locked session can be revealed. In some scenarios, the attacker can execute applications, such as by clicking with a mouse.Show less
CVE-2012-5560 1Mate Desktop 1Mate Settings Daemon May 6, 2026 May 30, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 The default configuration in mate-settings-daemon 1.5.3 allows local users to change the timezone for the system via a crafted D-Bus call.