Page 4 of 18 results (0.011 seconds)

CVSS: 7.2EPSS: 0%CPEs: 30EXPL: 0

GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type. GNOME Display Manager (GDM) antes de v2.32.2, cuando se utiliza glib v2.28, permite la ejecución de un navegador web con el uid de la cuenta de gdm, que permite a usuarios locales conseguir privilegios a través de vectores implican el tipo MIME x-scheme-handler/http. • http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html http://secunia.com/advisories/44797 http://secunia.com/advisories/44808 http://www.securityfocus.com/bid/48084 http://www.ubuntu.com/usn/USN-1142-1 https://bugzilla.redhat.com/show_bug.cgi?id=709139 https://hermes.opensuse.org/messages/8643655 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2

The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory. La función g_file_copy en glib v2.0 establece los permisos del archivo objetivo sobre un enlace simbólico (777), lo que permite a usuarios locales asistidos por el usuario modificar los archivos de otros usuarios, como se ha demostrados usando Nautilus para modificar los permisos del directorio "home" de un usuario. • http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html http://secunia.com/advisories/39656 http://www.openwall.com/lists/oss-security/2009/09/08/8 http://www.vupen.com/english/advisories/2010/1001 https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/418135 https://bugzilla.gnome.org/show_bug.cgi?id=593406 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0

Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation. Múltiples desbordamientos en glib/gbase64.c en GLib antes de la versión 2.20 permiten ejecutar, a atacantes dependientes del contexto, código arbitrario a través de una cadena demasiado larga que es convertida o bien (1) en o bien (2) desde una representación base64. • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00014.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://ocert.org/patches/2008-015/glib-CVE-2008-4316.diff http://openwall.com/lists/oss-security/2009/03/12/2 http://secunia.com/advisories/34267 http://secunia.com/advisories/34317 http://secunia.com/advisories/34404 http://secunia.com/advisories/34416 http://secunia.com/advisories/34560 http://secunia.com/advisories/34854 http:/ • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •