CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 2CVE-2020-13645 – Ubuntu Security Notice USN-4405-1
https://notcve.org/view.php?id=CVE-2020-13645
28 May 2020 — In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host. En GNOME glib-networking versio... • https://gitlab.gnome.org/GNOME/balsa/-/issues/34 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13012 – glib2: insecure permissions for files and directories
https://notcve.org/view.php?id=CVE-2019-13012
28 Jun 2019 — The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450. La bac... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 3%CPEs: 4EXPL: 0CVE-2013-1913 – gimp: xwd plugin g_new() integer overflow
https://notcve.org/view.php?id=CVE-2013-1913
04 Dec 2013 — Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump. Desbordamiento de enteros en la función load_image en file-xwd.c del plugin X Window Dump (XWD) de GIMP 2.6.9 y anteriores versiones, cuando se usa en glib anterior a la versión 2.24, permit... • http://rhn.redhat.com/errata/RHSA-2013-1778.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 3%CPEs: 4EXPL: 0CVE-2013-1978 – gimp: XWD plugin color map heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2013-1978
04 Dec 2013 — Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries. Desbordamiento de búfer en la función read_xwd_cols en file-xwd.c en el plugin X Window Dump (XWD) de GIMP 2.6.9 y anteriores versiones permite a atacantes remotos provocar una denegación de servicio (c... • http://rhn.redhat.com/errata/RHSA-2013-1778.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 257EXPL: 0CVE-2012-0039
https://notcve.org/view.php?id=CVE-2012-0039
14 Jan 2012 — GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify a... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655044 • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2008-4316 – glib2: integer overflows in the base64 handling functions (oCERT-2008-015)
https://notcve.org/view.php?id=CVE-2008-4316
14 Mar 2009 — Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation. Múltiples desbordamientos en glib/gbase64.c en GLib antes de la versión 2.20 permiten ejecutar, a atacantes dependientes del contexto, código arbitrario a través de una cadena demasiado larga que es convertida o bien (1) en o bien (2) desde una representación base64. • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00014.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •