Page 109 of 732 results (0.022 seconds)

CVSS: 9.8EPSS: 1%CPEs: 21EXPL: 0

CVE-2019-12450 – glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress

https://notcve.org/view.php?id=CVE-2019-12450

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. La función file_copy_fallback en el archivo gio/gfile.c en GNOME GLib versión 2.15.0 hasta la 2.61.1, no restringe apropiadamente los permisos de los archivos durante una operación de copia en progreso. En su lugar, se utilizan los permisos por defecto. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00076.html https://access.redhat.com/errata/RHSA-2019:3530 https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174 https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI https://security.netapp.com/advisory/ntap-20190606-0003 https://usn.ubuntu.com/4014-1 https://usn.ubuntu.com/4014- • CWE-276: Incorrect Default Permissions CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-552: Files or Directories Accessible to External Parties •

CVSS: 5.7EPSS: 0%CPEs: 9EXPL: 0

CVE-2019-12449 – gvfs: mishandling of file's user and group ownership in daemon/gvfsbackendadmin.c due to unavailability of root privileges

https://notcve.org/view.php?id=CVE-2019-12449

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable. Fue encontrado un problema en GNOME gvfs versión 1.29.4 hasta la 1.41.2. El archivo daemon/gvfsbackendadmin.c maneja incorrectamente la propiedad de un usuario de archivo y grupo durante un movimiento (y copia con G_FILE_COPY_ALL_METADATA) operaciones de admin:// hacia file:// URIs, porque los privilegios root no están disponibles. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html http://www.openwall.com/lists/oss-security/2019/07/09/3 https://gitlab.gnome.org/GNOME/gvfs/commit/409619412e11be146a31b9a99ed965925f1aabb8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2& • CWE-282: Improper Ownership Management CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 7.3EPSS: 0%CPEs: 9EXPL: 0

CVE-2019-12447 – gvfs: mishandling of file ownership in daemon/gvfsbackendadmin.c

https://notcve.org/view.php?id=CVE-2019-12447

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. Fue encontrado un problema en GNOME gvfs versión 1.29.4 hasta la 1.41.2. El archivo daemon/gvfsbackendadmin.c maneja incorrectamente la propiedad de archivo porque no es usado setfsuid. It was discovered that gvfs incorrectly set the ownership of files handled by the admin:// backend. An attacker could abuse this flaw when the destination file of a copy/move operation is handled by the admin:// backend. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html http://www.openwall.com/lists/oss-security/2019/07/09/3 https://gitlab.gnome.org/GNOME/gvfs/commit/d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2& • CWE-282: Improper Ownership Management •

CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 2

CVE-2019-10143 – freeradius: privilege escalation due to insecure logrotate configuration

https://notcve.org/view.php?id=CVE-2019-10143

It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue." ** EN DISPUTA **Se encontró que freeradius hasta la versión 3.0.19 incluyéndola, no configura correctamente el componente logrotate, lo que permite que un atacante local que ya tiene el control del usuario radiusd escale sus privilegios a root, engañando a logrotate para que escriba un archivo escribible en radiusd en un directorio normalmente inaccesible para el usuario radiusd. NOTA: el mantenedor de software upstream ha declarado que "simplemente no hay forma de que alguien obtenga privilegios a través de este supuesto problema" It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. FreeRadius versions 3.0.19 and below suffer from a privilege escalation vulnerability via insecure logrotate use. • http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html http://seclists.org/fulldisclosure/2019/Nov/14 https://access.redhat.com/errata/RHSA-2019:3353 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10143 https://freeradius.org/security https://github.com/FreeRADIUS/freeradius-server/pull/2666 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6VKBZAZKJP5QKXDXRKCM2ZPZND3TFAX https://lists.fedoraproject.org/archives/list/ • CWE-250: Execution with Unnecessary Privileges CWE-266: Incorrect Privilege Assignment CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1

CVE-2019-12221

https://notcve.org/view.php?id=CVE-2019-12221

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c. Se detectó un problema en libSDL2.a en Simple DirectMedia Layer (SDL) 2.0.9 cuando se usa junto con libSDL2_image.a en SDL2_image 2.0.4. Hay un SEGV en la función SDL SDL_free_REAL at stdlib / SDL_malloc.c. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html https://bugzilla.libsdl.org/show_bug.cgi?id=4628 https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO https://lists.fedoraproject.org/archives/list/package • CWE-787: Out-of-bounds Write •