Vulnerabilities > Linux NFS > NFS Utils > 1.2.6

DATE CVE VULNERABILITY TITLE RISK
2019-09-19 CVE-2019-3689 Incorrect Default Permissions vulnerability in Linux-Nfs Nfs-Utils
The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup.
network
low complexity
linux-nfs CWE-276
critical
 9.8
9.8
2014-01-21 CVE-2013-1923 Information Exposure vulnerability in Linux-Nfs Nfs-Utils
rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.
high complexity
linux-nfs CWE-200
3.2
3.2