csaf_opensuse - opensuse-su-2024:10838-1

opensuse-su-2024:10838-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

gvfs-1.48.1-1.3 on GA media

Notes

Title of the patch

gvfs-1.48.1-1.3 on GA media

Description of the patch

These are all security issues fixed in the gvfs-1.48.1-1.3 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-10838

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "gvfs-1.48.1-1.3 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the gvfs-1.48.1-1.3 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10838",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10838-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-12447 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-12447/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-12448 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-12448/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-12449 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-12449/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-12795 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-12795/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-3827 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-3827/"
      }
    ],
    "title": "gvfs-1.48.1-1.3 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10838-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gvfs-1.48.1-1.3.aarch64",
                "product": {
                  "name": "gvfs-1.48.1-1.3.aarch64",
                  "product_id": "gvfs-1.48.1-1.3.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-32bit-1.48.1-1.3.aarch64",
                "product": {
                  "name": "gvfs-32bit-1.48.1-1.3.aarch64",
                  "product_id": "gvfs-32bit-1.48.1-1.3.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-backend-afc-1.48.1-1.3.aarch64",
                "product": {
                  "name": "gvfs-backend-afc-1.48.1-1.3.aarch64",
                  "product_id": "gvfs-backend-afc-1.48.1-1.3.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-backend-samba-1.48.1-1.3.aarch64",
                "product": {
                  "name": "gvfs-backend-samba-1.48.1-1.3.aarch64",
                  "product_id": "gvfs-backend-samba-1.48.1-1.3.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-backends-1.48.1-1.3.aarch64",
                "product": {
                  "name": "gvfs-backends-1.48.1-1.3.aarch64",
                  "product_id": "gvfs-backends-1.48.1-1.3.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-devel-1.48.1-1.3.aarch64",
                "product": {
                  "name": "gvfs-devel-1.48.1-1.3.aarch64",
                  "product_id": "gvfs-devel-1.48.1-1.3.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-fuse-1.48.1-1.3.aarch64",
                "product": {
                  "name": "gvfs-fuse-1.48.1-1.3.aarch64",
                  "product_id": "gvfs-fuse-1.48.1-1.3.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-lang-1.48.1-1.3.aarch64",
                "product": {
                  "name": "gvfs-lang-1.48.1-1.3.aarch64",
                  "product_id": "gvfs-lang-1.48.1-1.3.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gvfs-1.48.1-1.3.ppc64le",
                "product": {
                  "name": "gvfs-1.48.1-1.3.ppc64le",
                  "product_id": "gvfs-1.48.1-1.3.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-32bit-1.48.1-1.3.ppc64le",
                "product": {
                  "name": "gvfs-32bit-1.48.1-1.3.ppc64le",
                  "product_id": "gvfs-32bit-1.48.1-1.3.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-backend-afc-1.48.1-1.3.ppc64le",
                "product": {
                  "name": "gvfs-backend-afc-1.48.1-1.3.ppc64le",
                  "product_id": "gvfs-backend-afc-1.48.1-1.3.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-backend-samba-1.48.1-1.3.ppc64le",
                "product": {
                  "name": "gvfs-backend-samba-1.48.1-1.3.ppc64le",
                  "product_id": "gvfs-backend-samba-1.48.1-1.3.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-backends-1.48.1-1.3.ppc64le",
                "product": {
                  "name": "gvfs-backends-1.48.1-1.3.ppc64le",
                  "product_id": "gvfs-backends-1.48.1-1.3.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-devel-1.48.1-1.3.ppc64le",
                "product": {
                  "name": "gvfs-devel-1.48.1-1.3.ppc64le",
                  "product_id": "gvfs-devel-1.48.1-1.3.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-fuse-1.48.1-1.3.ppc64le",
                "product": {
                  "name": "gvfs-fuse-1.48.1-1.3.ppc64le",
                  "product_id": "gvfs-fuse-1.48.1-1.3.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-lang-1.48.1-1.3.ppc64le",
                "product": {
                  "name": "gvfs-lang-1.48.1-1.3.ppc64le",
                  "product_id": "gvfs-lang-1.48.1-1.3.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gvfs-1.48.1-1.3.s390x",
                "product": {
                  "name": "gvfs-1.48.1-1.3.s390x",
                  "product_id": "gvfs-1.48.1-1.3.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-32bit-1.48.1-1.3.s390x",
                "product": {
                  "name": "gvfs-32bit-1.48.1-1.3.s390x",
                  "product_id": "gvfs-32bit-1.48.1-1.3.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-backend-afc-1.48.1-1.3.s390x",
                "product": {
                  "name": "gvfs-backend-afc-1.48.1-1.3.s390x",
                  "product_id": "gvfs-backend-afc-1.48.1-1.3.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-backend-samba-1.48.1-1.3.s390x",
                "product": {
                  "name": "gvfs-backend-samba-1.48.1-1.3.s390x",
                  "product_id": "gvfs-backend-samba-1.48.1-1.3.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-backends-1.48.1-1.3.s390x",
                "product": {
                  "name": "gvfs-backends-1.48.1-1.3.s390x",
                  "product_id": "gvfs-backends-1.48.1-1.3.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-devel-1.48.1-1.3.s390x",
                "product": {
                  "name": "gvfs-devel-1.48.1-1.3.s390x",
                  "product_id": "gvfs-devel-1.48.1-1.3.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-fuse-1.48.1-1.3.s390x",
                "product": {
                  "name": "gvfs-fuse-1.48.1-1.3.s390x",
                  "product_id": "gvfs-fuse-1.48.1-1.3.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-lang-1.48.1-1.3.s390x",
                "product": {
                  "name": "gvfs-lang-1.48.1-1.3.s390x",
                  "product_id": "gvfs-lang-1.48.1-1.3.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gvfs-1.48.1-1.3.x86_64",
                "product": {
                  "name": "gvfs-1.48.1-1.3.x86_64",
                  "product_id": "gvfs-1.48.1-1.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-32bit-1.48.1-1.3.x86_64",
                "product": {
                  "name": "gvfs-32bit-1.48.1-1.3.x86_64",
                  "product_id": "gvfs-32bit-1.48.1-1.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-backend-afc-1.48.1-1.3.x86_64",
                "product": {
                  "name": "gvfs-backend-afc-1.48.1-1.3.x86_64",
                  "product_id": "gvfs-backend-afc-1.48.1-1.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-backend-samba-1.48.1-1.3.x86_64",
                "product": {
                  "name": "gvfs-backend-samba-1.48.1-1.3.x86_64",
                  "product_id": "gvfs-backend-samba-1.48.1-1.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-backends-1.48.1-1.3.x86_64",
                "product": {
                  "name": "gvfs-backends-1.48.1-1.3.x86_64",
                  "product_id": "gvfs-backends-1.48.1-1.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-devel-1.48.1-1.3.x86_64",
                "product": {
                  "name": "gvfs-devel-1.48.1-1.3.x86_64",
                  "product_id": "gvfs-devel-1.48.1-1.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-fuse-1.48.1-1.3.x86_64",
                "product": {
                  "name": "gvfs-fuse-1.48.1-1.3.x86_64",
                  "product_id": "gvfs-fuse-1.48.1-1.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "gvfs-lang-1.48.1-1.3.x86_64",
                "product": {
                  "name": "gvfs-lang-1.48.1-1.3.x86_64",
                  "product_id": "gvfs-lang-1.48.1-1.3.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-1.48.1-1.3.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-1.48.1-1.3.aarch64"
        },
        "product_reference": "gvfs-1.48.1-1.3.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-1.48.1-1.3.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-1.48.1-1.3.ppc64le"
        },
        "product_reference": "gvfs-1.48.1-1.3.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-1.48.1-1.3.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-1.48.1-1.3.s390x"
        },
        "product_reference": "gvfs-1.48.1-1.3.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-1.48.1-1.3.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-1.48.1-1.3.x86_64"
        },
        "product_reference": "gvfs-1.48.1-1.3.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-32bit-1.48.1-1.3.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.aarch64"
        },
        "product_reference": "gvfs-32bit-1.48.1-1.3.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-32bit-1.48.1-1.3.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.ppc64le"
        },
        "product_reference": "gvfs-32bit-1.48.1-1.3.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-32bit-1.48.1-1.3.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.s390x"
        },
        "product_reference": "gvfs-32bit-1.48.1-1.3.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-32bit-1.48.1-1.3.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.x86_64"
        },
        "product_reference": "gvfs-32bit-1.48.1-1.3.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-backend-afc-1.48.1-1.3.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.aarch64"
        },
        "product_reference": "gvfs-backend-afc-1.48.1-1.3.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-backend-afc-1.48.1-1.3.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.ppc64le"
        },
        "product_reference": "gvfs-backend-afc-1.48.1-1.3.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-backend-afc-1.48.1-1.3.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.s390x"
        },
        "product_reference": "gvfs-backend-afc-1.48.1-1.3.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-backend-afc-1.48.1-1.3.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.x86_64"
        },
        "product_reference": "gvfs-backend-afc-1.48.1-1.3.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-backend-samba-1.48.1-1.3.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.aarch64"
        },
        "product_reference": "gvfs-backend-samba-1.48.1-1.3.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-backend-samba-1.48.1-1.3.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.ppc64le"
        },
        "product_reference": "gvfs-backend-samba-1.48.1-1.3.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-backend-samba-1.48.1-1.3.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.s390x"
        },
        "product_reference": "gvfs-backend-samba-1.48.1-1.3.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-backend-samba-1.48.1-1.3.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.x86_64"
        },
        "product_reference": "gvfs-backend-samba-1.48.1-1.3.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-backends-1.48.1-1.3.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.aarch64"
        },
        "product_reference": "gvfs-backends-1.48.1-1.3.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-backends-1.48.1-1.3.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.ppc64le"
        },
        "product_reference": "gvfs-backends-1.48.1-1.3.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-backends-1.48.1-1.3.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.s390x"
        },
        "product_reference": "gvfs-backends-1.48.1-1.3.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-backends-1.48.1-1.3.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.x86_64"
        },
        "product_reference": "gvfs-backends-1.48.1-1.3.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-devel-1.48.1-1.3.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.aarch64"
        },
        "product_reference": "gvfs-devel-1.48.1-1.3.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-devel-1.48.1-1.3.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.ppc64le"
        },
        "product_reference": "gvfs-devel-1.48.1-1.3.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-devel-1.48.1-1.3.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.s390x"
        },
        "product_reference": "gvfs-devel-1.48.1-1.3.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-devel-1.48.1-1.3.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.x86_64"
        },
        "product_reference": "gvfs-devel-1.48.1-1.3.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-fuse-1.48.1-1.3.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.aarch64"
        },
        "product_reference": "gvfs-fuse-1.48.1-1.3.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-fuse-1.48.1-1.3.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.ppc64le"
        },
        "product_reference": "gvfs-fuse-1.48.1-1.3.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-fuse-1.48.1-1.3.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.s390x"
        },
        "product_reference": "gvfs-fuse-1.48.1-1.3.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-fuse-1.48.1-1.3.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.x86_64"
        },
        "product_reference": "gvfs-fuse-1.48.1-1.3.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-lang-1.48.1-1.3.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.aarch64"
        },
        "product_reference": "gvfs-lang-1.48.1-1.3.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-lang-1.48.1-1.3.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.ppc64le"
        },
        "product_reference": "gvfs-lang-1.48.1-1.3.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-lang-1.48.1-1.3.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.s390x"
        },
        "product_reference": "gvfs-lang-1.48.1-1.3.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gvfs-lang-1.48.1-1.3.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.x86_64"
        },
        "product_reference": "gvfs-lang-1.48.1-1.3.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-12447",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-12447"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:gvfs-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-12447",
          "url": "https://www.suse.com/security/cve/CVE-2019-12447"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1136986 for CVE-2019-12447",
          "url": "https://bugzilla.suse.com/1136986"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2019-12447"
    },
    {
      "cve": "CVE-2019-12448",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-12448"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn\u0027t implement query_info_on_read/write.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:gvfs-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-12448",
          "url": "https://www.suse.com/security/cve/CVE-2019-12448"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1136981 for CVE-2019-12448",
          "url": "https://bugzilla.suse.com/1136981"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-12448"
    },
    {
      "cve": "CVE-2019-12449",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-12449"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file\u0027s user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:gvfs-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-12449",
          "url": "https://www.suse.com/security/cve/CVE-2019-12449"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1136992 for CVE-2019-12449",
          "url": "https://bugzilla.suse.com/1136992"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2019-12449"
    },
    {
      "cve": "CVE-2019-12795",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-12795"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:gvfs-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-12795",
          "url": "https://www.suse.com/security/cve/CVE-2019-12795"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1137930 for CVE-2019-12795",
          "url": "https://bugzilla.suse.com/1137930"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209876 for CVE-2019-12795",
          "url": "https://bugzilla.suse.com/1209876"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-12795"
    },
    {
      "cve": "CVE-2019-3827",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-3827"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user\u0027s knowledge. Successful exploitation requires uncommon system configuration.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:gvfs-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.x86_64",
          "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.aarch64",
          "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.ppc64le",
          "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.s390x",
          "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-3827",
          "url": "https://www.suse.com/security/cve/CVE-2019-3827"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1125084 for CVE-2019-3827",
          "url": "https://bugzilla.suse.com/1125084"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-32bit-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backend-afc-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backend-samba-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-backends-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-devel-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-fuse-1.48.1-1.3.x86_64",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.aarch64",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.ppc64le",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.s390x",
            "openSUSE Tumbleweed:gvfs-lang-1.48.1-1.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-3827"
    }
  ]
}

CVE-2019-3827 (GCVE-0-2019-3827)

Vulnerability from cvelistv5

Published

2019-03-25 17:47

Modified

2024-08-04 19:19

Severity ?

7.0 (High) - CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-863

Summary

An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.

References

►

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3827	x_refsource_CONFIRM
	https://gitlab.gnome.org/GNOME/gvfs/merge_requests/31	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2019:1517	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:2145	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	[UNKNOWN]	gvfs	Version: 1.39.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:19:18.554Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3827"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gitlab.gnome.org/GNOME/gvfs/merge_requests/31"
          },
          {
            "name": "RHSA-2019:1517",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1517"
          },
          {
            "name": "RHSA-2019:2145",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2145"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "gvfs",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "1.39.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user\u0027s knowledge. Successful exploitation requires uncommon system configuration."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-06T14:06:12",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3827"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gitlab.gnome.org/GNOME/gvfs/merge_requests/31"
        },
        {
          "name": "RHSA-2019:1517",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1517"
        },
        {
          "name": "RHSA-2019:2145",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2145"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2019-3827",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "gvfs",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.39.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "[UNKNOWN]"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user\u0027s knowledge. Successful exploitation requires uncommon system configuration."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "7/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-863"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3827",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3827"
            },
            {
              "name": "https://gitlab.gnome.org/GNOME/gvfs/merge_requests/31",
              "refsource": "CONFIRM",
              "url": "https://gitlab.gnome.org/GNOME/gvfs/merge_requests/31"
            },
            {
              "name": "RHSA-2019:1517",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1517"
            },
            {
              "name": "RHSA-2019:2145",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2145"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-3827",
    "datePublished": "2019-03-25T17:47:35",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-08-04T19:19:18.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-12449 (GCVE-0-2019-12449)

Vulnerability from cvelistv5

Published

2019-05-29 16:16

Modified

2024-08-04 23:17

Severity ?

CWE

Summary

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.

References

►

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html	vendor-advisory, x_refsource_SUSE
	https://usn.ubuntu.com/4053-1/	vendor-advisory, x_refsource_UBUNTU
	http://www.openwall.com/lists/oss-security/2019/07/09/3	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/	vendor-advisory, x_refsource_FEDORA
	https://gitlab.gnome.org/GNOME/gvfs/commit/409619412e11be146a31b9a99ed965925f1aabb8	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:17:40.051Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2019:1699",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html"
          },
          {
            "name": "openSUSE-SU-2019:1697",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html"
          },
          {
            "name": "USN-4053-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4053-1/"
          },
          {
            "name": "[oss-security] 20190709 Privileged File Access from Desktop Applications",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/09/3"
          },
          {
            "name": "FEDORA-2019-6ed5523cc0",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/"
          },
          {
            "name": "FEDORA-2019-e6b02af8b8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/409619412e11be146a31b9a99ed965925f1aabb8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file\u0027s user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-22T18:29:37",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openSUSE-SU-2019:1699",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html"
        },
        {
          "name": "openSUSE-SU-2019:1697",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html"
        },
        {
          "name": "USN-4053-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4053-1/"
        },
        {
          "name": "[oss-security] 20190709 Privileged File Access from Desktop Applications",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/09/3"
        },
        {
          "name": "FEDORA-2019-6ed5523cc0",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/"
        },
        {
          "name": "FEDORA-2019-e6b02af8b8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/409619412e11be146a31b9a99ed965925f1aabb8"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12449",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file\u0027s user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2019:1699",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html"
            },
            {
              "name": "openSUSE-SU-2019:1697",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html"
            },
            {
              "name": "USN-4053-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4053-1/"
            },
            {
              "name": "[oss-security] 20190709 Privileged File Access from Desktop Applications",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/07/09/3"
            },
            {
              "name": "FEDORA-2019-6ed5523cc0",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/"
            },
            {
              "name": "FEDORA-2019-e6b02af8b8",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/"
            },
            {
              "name": "https://gitlab.gnome.org/GNOME/gvfs/commit/409619412e11be146a31b9a99ed965925f1aabb8",
              "refsource": "MISC",
              "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/409619412e11be146a31b9a99ed965925f1aabb8"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12449",
    "datePublished": "2019-05-29T16:16:06",
    "dateReserved": "2019-05-29T00:00:00",
    "dateUpdated": "2024-08-04T23:17:40.051Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-12447 (GCVE-0-2019-12447)

Vulnerability from cvelistv5

Published

2019-05-29 16:15

Modified

2024-08-04 23:17

Severity ?

CWE

Summary

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.

References

►

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html	vendor-advisory, x_refsource_SUSE
	https://usn.ubuntu.com/4053-1/	vendor-advisory, x_refsource_UBUNTU
	http://www.openwall.com/lists/oss-security/2019/07/09/3	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/	vendor-advisory, x_refsource_FEDORA
	https://gitlab.gnome.org/GNOME/gvfs/commit/d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:17:40.030Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2019:1699",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html"
          },
          {
            "name": "openSUSE-SU-2019:1697",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html"
          },
          {
            "name": "USN-4053-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4053-1/"
          },
          {
            "name": "[oss-security] 20190709 Privileged File Access from Desktop Applications",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/09/3"
          },
          {
            "name": "FEDORA-2019-6ed5523cc0",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/"
          },
          {
            "name": "FEDORA-2019-e6b02af8b8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-22T18:26:31",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openSUSE-SU-2019:1699",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html"
        },
        {
          "name": "openSUSE-SU-2019:1697",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html"
        },
        {
          "name": "USN-4053-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4053-1/"
        },
        {
          "name": "[oss-security] 20190709 Privileged File Access from Desktop Applications",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/09/3"
        },
        {
          "name": "FEDORA-2019-6ed5523cc0",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/"
        },
        {
          "name": "FEDORA-2019-e6b02af8b8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12447",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2019:1699",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html"
            },
            {
              "name": "openSUSE-SU-2019:1697",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html"
            },
            {
              "name": "USN-4053-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4053-1/"
            },
            {
              "name": "[oss-security] 20190709 Privileged File Access from Desktop Applications",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/07/09/3"
            },
            {
              "name": "FEDORA-2019-6ed5523cc0",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/"
            },
            {
              "name": "FEDORA-2019-e6b02af8b8",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/"
            },
            {
              "name": "https://gitlab.gnome.org/GNOME/gvfs/commit/d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80",
              "refsource": "MISC",
              "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12447",
    "datePublished": "2019-05-29T16:15:29",
    "dateReserved": "2019-05-29T00:00:00",
    "dateUpdated": "2024-08-04T23:17:40.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-12448 (GCVE-0-2019-12448)

Vulnerability from cvelistv5

Published

2019-05-29 16:15

Modified

2024-08-04 23:17

Severity ?

CWE

Summary

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.

References

►

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html	vendor-advisory, x_refsource_SUSE
	https://usn.ubuntu.com/4053-1/	vendor-advisory, x_refsource_UBUNTU
	http://www.openwall.com/lists/oss-security/2019/07/09/3	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/	vendor-advisory, x_refsource_FEDORA
	https://gitlab.gnome.org/GNOME/gvfs/commit/764e9af7522e3096c0f44613c330377d31c9bbb5	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:17:40.017Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2019:1699",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html"
          },
          {
            "name": "openSUSE-SU-2019:1697",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html"
          },
          {
            "name": "USN-4053-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4053-1/"
          },
          {
            "name": "[oss-security] 20190709 Privileged File Access from Desktop Applications",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/09/3"
          },
          {
            "name": "FEDORA-2019-6ed5523cc0",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/"
          },
          {
            "name": "FEDORA-2019-e6b02af8b8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/764e9af7522e3096c0f44613c330377d31c9bbb5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn\u0027t implement query_info_on_read/write."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-22T18:28:08",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openSUSE-SU-2019:1699",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html"
        },
        {
          "name": "openSUSE-SU-2019:1697",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html"
        },
        {
          "name": "USN-4053-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4053-1/"
        },
        {
          "name": "[oss-security] 20190709 Privileged File Access from Desktop Applications",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/09/3"
        },
        {
          "name": "FEDORA-2019-6ed5523cc0",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/"
        },
        {
          "name": "FEDORA-2019-e6b02af8b8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/764e9af7522e3096c0f44613c330377d31c9bbb5"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12448",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn\u0027t implement query_info_on_read/write."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2019:1699",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html"
            },
            {
              "name": "openSUSE-SU-2019:1697",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html"
            },
            {
              "name": "USN-4053-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4053-1/"
            },
            {
              "name": "[oss-security] 20190709 Privileged File Access from Desktop Applications",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/07/09/3"
            },
            {
              "name": "FEDORA-2019-6ed5523cc0",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/"
            },
            {
              "name": "FEDORA-2019-e6b02af8b8",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/"
            },
            {
              "name": "https://gitlab.gnome.org/GNOME/gvfs/commit/764e9af7522e3096c0f44613c330377d31c9bbb5",
              "refsource": "MISC",
              "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/764e9af7522e3096c0f44613c330377d31c9bbb5"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12448",
    "datePublished": "2019-05-29T16:15:57",
    "dateReserved": "2019-05-29T00:00:00",
    "dateUpdated": "2024-08-04T23:17:40.017Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-12795 (GCVE-0-2019-12795)

Vulnerability from cvelistv5

Published

2019-06-11 21:07

Modified

2024-08-04 23:32

Severity ?

CWE

Summary

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)

References

►

URL

Tags

	https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a	x_refsource_MISC
	https://gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f	x_refsource_MISC
	https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe	x_refsource_MISC
	http://www.securityfocus.com/bid/108741	vdb-entry, x_refsource_BID
	https://lists.debian.org/debian-lts-announce/2019/06/msg00014.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html	vendor-advisory, x_refsource_SUSE
	https://usn.ubuntu.com/4053-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/	vendor-advisory, x_refsource_FEDORA
	https://access.redhat.com/errata/RHSA-2019:3553	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:32:54.828Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe"
          },
          {
            "name": "108741",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108741"
          },
          {
            "name": "[debian-lts-announce] 20190619 [SECURITY] [DLA 1827-1] gvfs security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00014.html"
          },
          {
            "name": "openSUSE-SU-2019:1699",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html"
          },
          {
            "name": "openSUSE-SU-2019:1697",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html"
          },
          {
            "name": "USN-4053-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4053-1/"
          },
          {
            "name": "FEDORA-2019-6ed5523cc0",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/"
          },
          {
            "name": "FEDORA-2019-e6b02af8b8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/"
          },
          {
            "name": "RHSA-2019:3553",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3553"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-06T00:08:24",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe"
        },
        {
          "name": "108741",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108741"
        },
        {
          "name": "[debian-lts-announce] 20190619 [SECURITY] [DLA 1827-1] gvfs security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00014.html"
        },
        {
          "name": "openSUSE-SU-2019:1699",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html"
        },
        {
          "name": "openSUSE-SU-2019:1697",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html"
        },
        {
          "name": "USN-4053-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4053-1/"
        },
        {
          "name": "FEDORA-2019-6ed5523cc0",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/"
        },
        {
          "name": "FEDORA-2019-e6b02af8b8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/"
        },
        {
          "name": "RHSA-2019:3553",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3553"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12795",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a",
              "refsource": "MISC",
              "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a"
            },
            {
              "name": "https://gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f",
              "refsource": "MISC",
              "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f"
            },
            {
              "name": "https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe",
              "refsource": "MISC",
              "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe"
            },
            {
              "name": "108741",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108741"
            },
            {
              "name": "[debian-lts-announce] 20190619 [SECURITY] [DLA 1827-1] gvfs security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00014.html"
            },
            {
              "name": "openSUSE-SU-2019:1699",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html"
            },
            {
              "name": "openSUSE-SU-2019:1697",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html"
            },
            {
              "name": "USN-4053-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4053-1/"
            },
            {
              "name": "FEDORA-2019-6ed5523cc0",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/"
            },
            {
              "name": "FEDORA-2019-e6b02af8b8",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/"
            },
            {
              "name": "RHSA-2019:3553",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3553"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12795",
    "datePublished": "2019-06-11T21:07:32",
    "dateReserved": "2019-06-11T00:00:00",
    "dateUpdated": "2024-08-04T23:32:54.828Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

opensuse-su-2024:10838-1

Vulnerability from csaf_opensuse

CVE-2019-3827 (GCVE-0-2019-3827)

Vulnerability from cvelistv5

CVE-2019-12449 (GCVE-0-2019-12449)

Vulnerability from cvelistv5

CVE-2019-12447 (GCVE-0-2019-12447)

Vulnerability from cvelistv5

CVE-2019-12448 (GCVE-0-2019-12448)

Vulnerability from cvelistv5

CVE-2019-12795 (GCVE-0-2019-12795)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature