Lucene search
K

169 matches found

RedhatCVE
RedhatCVE
added 2019/07/10 7:54 a.m.35 views

CVE-2019-12447

It was discovered that gvfs incorrectly set the ownership of files handled by the admin:// backend. An attacker could abuse this flaw when the destination file of a copy/move operation is handled by the admin:// backend. The attacker would have access to the target files with the ability to read...

7.3CVSS2.8AI score0.01832EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/07/10 12:0 a.m.29 views

Ubuntu 16.04 LTS / 18.04 LTS : GVfs vulnerabilities (USN-4053-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4053-1 advisory. It was discovered that GVfs incorrectly handled the admin backend. Files created or moved by the admin backend could end up with the wrong...

8.1CVSS6.7AI score0.0184EPSS
Exploits0References5
OSV
OSV
added 2019/07/09 11:29 a.m.4 views

USN-4053-1 gvfs vulnerabilities

It was discovered that GVfs incorrectly handled the admin backend. Files created or moved by the admin backend could end up with the wrong ownership information, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. CVE-2019-12447, CVE-2019-12448,...

8.1CVSS6.9AI score0.0184EPSS
Exploits0References5
Ubuntu
Ubuntu
added 2019/07/09 11:29 a.m.66 views

USN-4053-1: GVfs vulnerabilities

It was discovered that GVfs incorrectly handled the admin backend. Files created or moved by the admin backend could end up with the wrong ownership information, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. CVE-2019-12447, CVE-2019-12448,...

8.1CVSS6.6AI score0.0184EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/06/19 12:0 a.m.40 views

RHEL 8 : gvfs (RHSA-2019:1517)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1517 advisory. GVFS is the GNOME Desktop Virtual File System layer that allows users to easily access local and remote data using File Transfer Protocol FTP, Secure...

7CVSS7AI score0.00368EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/06/18 5:22 p.m.6 views

gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password

An incorrect permission check in the admin backend in gvfs was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users...

7CVSS5.8AI score0.00368EPSS
Exploits0References4
OSV
OSV
added 2019/05/29 5:29 p.m.4 views

ALPINE-CVE-2019-12448

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement queryinfoonread/write...

8.1CVSS7AI score0.01749EPSS
Exploits0References1
OSV
OSV
added 2019/05/29 5:29 p.m.1 views

DEBIAN-CVE-2019-12448

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement queryinfoonread/write...

8.1CVSS7AI score0.01749EPSS
Exploits0References1
Prion
Prion
added 2019/05/29 5:29 p.m.20 views

Race condition

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement queryinfoonread/write...

6.8CVSS7.7AI score0.01749EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2019/05/29 4:15 p.m.19 views

CVE-2019-12448

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement queryinfoonread/write...

7.2AI score0.01749EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2019/05/29 4:15 p.m.21 views

CVE-2019-12448

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement queryinfoonread/write...

8.1CVSS7.6AI score0.01749EPSS
Exploits0
CVE
CVE
added 2019/05/29 4:15 p.m.279 views

CVE-2019-12448

CVE-2019-12448 affects GNOME gvfs 1.29.4–1.41.2 in gvfsbackendadmin.c, which has race conditions because the admin backend doesn’t implement query_info_on_read/write. Connected Nessus entries (e.g., TDs from TencentOS/Tenable) list this CVE among gvfs-related issues and confirm the affected range...

8.1CVSS7AI score0.01749EPSS
Exploits0References7Affected Software1
AlpineLinux
AlpineLinux
added 2019/05/29 4:15 p.m.42 views

CVE-2019-12448

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement queryinfoonread/write...

8.1CVSS7.3AI score0.01749EPSS
Exploits0
OSV
OSV
added 2019/05/29 12:0 a.m.1 views

UBUNTU-CVE-2019-12448

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement queryinfoonread/write...

8.1CVSS6.9AI score0.01749EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2019/05/29 12:0 a.m.26 views

CVE-2019-12448

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement queryinfoonread/write...

8.1CVSS6.9AI score0.01749EPSS
Exploits0References2
OSV
OSV
added 2019/05/29 12:0 a.m.4 views

UBUNTU-CVE-2019-12449

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move and copy with GFILECOPYALLMETADATA operations from admin:// to file:// URIs, because root privileges are unavailable...

5.7CVSS6.9AI score0.0184EPSS
Exploits0References3
Hacker One
Hacker One
added 2019/04/07 9:6 a.m.31 views

Automattic: WooCommerce: Persistent XSS via customer address (state/county)

Persistent XSS via customer address state/county ================================ CVSS ---- High 7.2 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N Description ----------- The current version 3.5.7 of the WooCommerce WordPress plugin echoes the state/county of a customer in the admin backend withou...

0.4AI score
Exploits0
Prion
Prion
added 2019/03/25 6:29 p.m.15 views

Design/Logic Flaw

An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running unde...

3.3CVSS7AI score0.00368EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2019/03/25 5:47 p.m.22 views

CVE-2019-3827

An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running unde...

7CVSS7.4AI score0.00368EPSS
Exploits0
CVE
CVE
added 2019/03/25 5:47 p.m.159 views

CVE-2019-3827

CVE-2019-3827 affects gvfs prior to 1.39.4. A flawed permission check in the admin backend allows reading and modifying arbitrary files by privileged users when no authentication agent is running, enabling local privilege escalation under certain system configurations. Multiple connected advisori...

7CVSS7AI score0.00368EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder