CVSS: 9.8EPSS: 1%CPEs: 21EXPL: 0CVE-2019-12450 – glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress
https://notcve.org/view.php?id=CVE-2019-12450
29 May 2019 — file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. La función file_copy_fallback en el archivo gio/gfile.c en GNOME GLib versión 2.15.0 hasta la 2.61.1, no restringe apropiadamente los permisos de los archivos durante una operación de copia en progreso. En su lugar, se utilizan los permisos por defecto. GLib provides the core application building blocks for libraries a... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00076.html • CWE-276: Incorrect Default Permissions CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-552: Files or Directories Accessible to External Parties •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9633
https://notcve.org/view.php?id=CVE-2019-9633
08 Mar 2019 — gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany). gio/gsocketclient.c en GNOME GLib, en su versión 2.59.2, no garantiza que un GTask padre permanezca vivo durante la ejecución de una enumeración de intento de co... • http://www.securityfocus.com/bid/107391 • CWE-754: Improper Check for Unusual or Exceptional Conditions •