Vulnerabilities > Gnome > Glib

DATE CVE VULNERABILITY TITLE RISK
2020-01-09 CVE-2020-6750 GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled.
network
high complexity
gnome fedoraproject
5.9
5.9
2019-06-28 CVE-2019-13012 Incorrect Permission Assignment for Critical Resource vulnerability in Gnome Glib
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).
network
low complexity
gnome CWE-732
7.5
7.5
2019-05-29 CVE-2019-12450 Incorrect Default Permissions vulnerability in multiple products
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress.
network
low complexity
gnome debian redhat canonical opensuse fedoraproject CWE-276
critical
 9.8
9.8
2019-03-08 CVE-2019-9633 Improper Check for Unusual or Exceptional Conditions vulnerability in Gnome Glib 2.59.2
gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).
network
low complexity
gnome CWE-754
6.5
6.5
2018-09-04 CVE-2018-16429 Out-of-bounds Read vulnerability in multiple products
GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().
network
low complexity
gnome canonical CWE-125
7.5
7.5
2018-09-04 CVE-2018-16428 NULL Pointer Dereference vulnerability in multiple products
In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.
network
low complexity
gnome canonical CWE-476
critical
 9.8
9.8
2009-09-22 CVE-2009-3289 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.
local
low complexity
gnome opensuse suse CWE-732
7.8
7.8