CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 1CVE-2020-6750
https://notcve.org/view.php?id=CVE-2020-6750
09 Jan 2020 — GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected. GSo... • https://bugzilla.suse.com/show_bug.cgi?id=1160668 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13012 – glib2: insecure permissions for files and directories
https://notcve.org/view.php?id=CVE-2019-13012
28 Jun 2019 — The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450. La bac... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 1%CPEs: 21EXPL: 0CVE-2019-12450 – glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress
https://notcve.org/view.php?id=CVE-2019-12450
29 May 2019 — file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. La función file_copy_fallback en el archivo gio/gfile.c en GNOME GLib versión 2.15.0 hasta la 2.61.1, no restringe apropiadamente los permisos de los archivos durante una operación de copia en progreso. En su lugar, se utilizan los permisos por defecto. GLib provides the core application building blocks for libraries a... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00076.html • CWE-276: Incorrect Default Permissions CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-552: Files or Directories Accessible to External Parties •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9633
https://notcve.org/view.php?id=CVE-2019-9633
08 Mar 2019 — gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany). gio/gsocketclient.c en GNOME GLib, en su versión 2.59.2, no garantiza que un GTask padre permanezca vivo durante la ejecución de una enumeración de intento de co... • http://www.securityfocus.com/bid/107391 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 1CVE-2018-16428 – Ubuntu Security Notice USN-3767-1
https://notcve.org/view.php?id=CVE-2018-16428
04 Sep 2018 — In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. En GNOME GLib 2.56.1, g_markup_parse_context_end_parse() en gmarkup.c tiene una desreferencia de puntero NULL. USN-3767-1 fixed a vulnerability in GLib. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that GLib incorrectly handled certain files. • http://www.openwall.com/lists/oss-security/2020/02/14/3 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-16429 – Ubuntu Security Notice USN-3767-1
https://notcve.org/view.php?id=CVE-2018-16429
04 Sep 2018 — GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). GNOME GLib 2.56.1 tiene una vulnerabilidad de lectura fuera de límites en g_markup_parse_context_parse() en gmarkup.c, relacionada con utf8_str(). USN-3767-1 fixed a vulnerability in GLib. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that GLib incorrectly handled certain files. • https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 7%CPEs: 29EXPL: 3CVE-2016-6855 – Eye of Gnome 3.10.2 - GMarkup Out of Bounds Write
https://notcve.org/view.php?id=CVE-2016-6855
23 Aug 2016 — Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup. Eye of GNOME (también conocido como eog) 3.16.5, 3.17.x, 3.18.x en versiones anteriores a 3.18.3, 3.19.x y 3.20.x en versiones anteriores a 3.20.4, cuando es utilizado con glib en versiones anteriores a 2.44.1, permiten a atacantes remotos pr... • https://packetstorm.news/files/id/138486 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2013-1913 – gimp: xwd plugin g_new() integer overflow
https://notcve.org/view.php?id=CVE-2013-1913
04 Dec 2013 — Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump. Desbordamiento de enteros en la función load_image en file-xwd.c del plugin X Window Dump (XWD) de GIMP 2.6.9 y anteriores versiones, cuando se usa en glib anterior a la versión 2.24, permit... • http://rhn.redhat.com/errata/RHSA-2013-1778.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 6%CPEs: 4EXPL: 0CVE-2013-1978 – gimp: XWD plugin color map heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2013-1978
04 Dec 2013 — Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries. Desbordamiento de búfer en la función read_xwd_cols en file-xwd.c en el plugin X Window Dump (XWD) de GIMP 2.6.9 y anteriores versiones permite a atacantes remotos provocar una denegación de servicio (c... • http://rhn.redhat.com/errata/RHSA-2013-1778.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 257EXPL: 0CVE-2012-0039
https://notcve.org/view.php?id=CVE-2012-0039
14 Jan 2012 — GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify a... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655044 • CWE-310: Cryptographic Issues •