rpm package
almalinux/clutter
pkg:rpm/almalinux/clutter
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-12449 | — | < 1.26.2-8.el8 | 1.26.2-8.el8 | May 29, 2019 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable. | ||
| CVE-2019-12448 | — | < 1.26.2-8.el8 | 1.26.2-8.el8 | May 29, 2019 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write. | ||
| CVE-2019-12447 | — | < 1.26.2-8.el8 | 1.26.2-8.el8 | May 29, 2019 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. | ||
| CVE-2019-3825 | — | < 1.26.2-8.el8 | 1.26.2-8.el8 | Feb 6, 2019 | A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session. | ||
| CVE-2018-20337 | — | < 1.26.2-8.el8 | 1.26.2-8.el8 | Dec 21, 2018 | There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact. |
- CVE-2019-12449May 29, 2019affected < 1.26.2-8.el8fixed 1.26.2-8.el8
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.
- CVE-2019-12448May 29, 2019affected < 1.26.2-8.el8fixed 1.26.2-8.el8
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.
- CVE-2019-12447May 29, 2019affected < 1.26.2-8.el8fixed 1.26.2-8.el8
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.
- CVE-2019-3825Feb 6, 2019affected < 1.26.2-8.el8fixed 1.26.2-8.el8
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.
- CVE-2018-20337Dec 21, 2018affected < 1.26.2-8.el8fixed 1.26.2-8.el8
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.