CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jun 2019 — The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 9.8 • EPSS: 1% • CPEs: 21 • EXPL: 0

29 May 2019 — file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. GLib provides the core application building blocks for libraries a... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00076.html • CWE-276: Incorrect Default Permissions • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') • CWE-552: Files or Directories Accessible to External Parties

CVSS: 9.8 • EPSS: 1% • CPEs: 5 • EXPL: 1

04 Sep 2018 — In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. USN-3767-1 fixed a vulnerability in GLib. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that GLib incorrectly handled certain files. • http://www.openwall.com/lists/oss-security/2020/02/14/3 • CWE-476: NULL Pointer Dereference

CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 1

04 Sep 2018 — GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). USN-3767-1 fixed a vulnerability in GLib. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that GLib incorrectly handled certain files. • https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b • CWE-125: Out-of-bounds Read