CVE-2019-13012 – glib2: insecure permissions for files and directories
https://notcve.org/view.php?id=CVE-2019-13012
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450.
• http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234#12
• https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429
• https://gitlab.gnome.org/GNOME/glib/issues/1658
• https://gitlab.gnome.org/GNOME/glib/merge_requests/450
• https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a45089365
• CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2019-12450 – glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress
https://notcve.org/view.php?id=CVE-2019-12450
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00076.html
• https://access.redhat.com/errata/RHSA-2019:3530
• https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
• https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI
• https://security.netapp.com/advisory/ntap-20190606-0003
• https://usn.ubuntu.com/4014-1
• https://usn.ubuntu.com/4014-
• CWE-276: Incorrect Default Permissions
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
• CWE-552: Files or Directories Accessible to External Parties
CVE-2018-16428
https://notcve.org/view.php?id=CVE-2018-16428
In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.
• http://www.openwall.com/lists/oss-security/2020/02/14/3
• http://www.securityfocus.com/bid/105210
• https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9
• https://gitlab.gnome.org/GNOME/glib/issues/1364
• https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html
• https://usn.ubuntu.com/3767-1
• https://usn.ubuntu.com/3767-2
• CWE-476: NULL Pointer Dereference
CVE-2018-16429
https://notcve.org/view.php?id=CVE-2018-16429
GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().
• https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b
• https://gitlab.gnome.org/GNOME/glib/issues/1361
• https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
• https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html
• https://usn.ubuntu.com/3767-1
• https://usn.ubuntu.com/3767-2
• CWE-125: Out-of-bounds Read