Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/gvfs@1.38.1-5
Typedeb
Namespacedebian
Namegvfs
Version1.38.1-5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.50.3-1+deb12u1
Latest_non_vulnerable_version1.50.3-1+deb12u1
Affected_by_vulnerabilities
0
url VCID-t7wt-xmhu-pkce
vulnerability_id VCID-t7wt-xmhu-pkce
summary gvfs: FTP GVfs backend: Arbitrary FTP command injection via CRLF sequences in file paths
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28296.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28296.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28296
reference_id
reference_type
scores
0
value 0.00094
scoring_system epss
scoring_elements 0.26291
published_at 2026-06-06T12:55:00Z
1
value 0.00094
scoring_system epss
scoring_elements 0.26298
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28296
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28296
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28296
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129286
reference_id 1129286
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129286
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2443003
reference_id 2443003
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T18:22:57Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2443003
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
11
reference_url https://access.redhat.com/security/cve/CVE-2026-28296
reference_id CVE-2026-28296
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T18:22:57Z/
url https://access.redhat.com/security/cve/CVE-2026-28296
12
reference_url https://usn.ubuntu.com/8114-1/
reference_id USN-8114-1
reference_type
scores
url https://usn.ubuntu.com/8114-1/
fixed_packages
0
url pkg:deb/debian/gvfs@1.50.3-1%2Bdeb12u1
purl pkg:deb/debian/gvfs@1.50.3-1%2Bdeb12u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gvfs@1.50.3-1%252Bdeb12u1
aliases CVE-2026-28296
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t7wt-xmhu-pkce
1
url VCID-ucxp-fzcj-7qbw
vulnerability_id VCID-ucxp-fzcj-7qbw
summary gvfs: GVfs FTP backend: Information disclosure via untrusted PASV responses
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28295.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28295.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28295
reference_id
reference_type
scores
0
value 0.00048
scoring_system epss
scoring_elements 0.15255
published_at 2026-06-06T12:55:00Z
1
value 0.00048
scoring_system epss
scoring_elements 0.15266
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28295
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28295
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28295
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129285
reference_id 1129285
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129285
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2443004
reference_id 2443004
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T18:07:04Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2443004
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
11
reference_url https://access.redhat.com/security/cve/CVE-2026-28295
reference_id CVE-2026-28295
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T18:07:04Z/
url https://access.redhat.com/security/cve/CVE-2026-28295
12
reference_url https://usn.ubuntu.com/8114-1/
reference_id USN-8114-1
reference_type
scores
url https://usn.ubuntu.com/8114-1/
fixed_packages
0
url pkg:deb/debian/gvfs@1.50.3-1%2Bdeb12u1
purl pkg:deb/debian/gvfs@1.50.3-1%2Bdeb12u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gvfs@1.50.3-1%252Bdeb12u1
aliases CVE-2026-28295
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ucxp-fzcj-7qbw
Fixing_vulnerabilities
0
url VCID-87tu-9917-7uca
vulnerability_id VCID-87tu-9917-7uca
summary An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12448.json
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12448.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12448
reference_id
reference_type
scores
0
value 0.00489
scoring_system epss
scoring_elements 0.65854
published_at 2026-06-04T12:55:00Z
1
value 0.00489
scoring_system epss
scoring_elements 0.65907
published_at 2026-06-05T12:55:00Z
2
value 0.00489
scoring_system epss
scoring_elements 0.65919
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12448
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12448
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12448
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1728564
reference_id 1728564
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1728564
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929755
reference_id 929755
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929755
5
reference_url https://security.archlinux.org/AVG-1007
reference_id AVG-1007
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1007
6
reference_url https://access.redhat.com/errata/RHSA-2020:1766
reference_id RHSA-2020:1766
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1766
7
reference_url https://usn.ubuntu.com/4053-1/
reference_id USN-4053-1
reference_type
scores
url https://usn.ubuntu.com/4053-1/
fixed_packages
0
url pkg:deb/debian/gvfs@1.38.1-5
purl pkg:deb/debian/gvfs@1.38.1-5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t7wt-xmhu-pkce
1
vulnerability VCID-ucxp-fzcj-7qbw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gvfs@1.38.1-5
aliases CVE-2019-12448
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-87tu-9917-7uca
1
url VCID-payc-kh4b-rbej
vulnerability_id VCID-payc-kh4b-rbej
summary An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12447.json
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12447.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12447
reference_id
reference_type
scores
0
value 0.006
scoring_system epss
scoring_elements 0.6984
published_at 2026-06-04T12:55:00Z
1
value 0.006
scoring_system epss
scoring_elements 0.69879
published_at 2026-06-05T12:55:00Z
2
value 0.006
scoring_system epss
scoring_elements 0.69888
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12447
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12447
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12447
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1728562
reference_id 1728562
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1728562
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929755
reference_id 929755
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929755
5
reference_url https://security.archlinux.org/AVG-1007
reference_id AVG-1007
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1007
6
reference_url https://access.redhat.com/errata/RHSA-2020:1766
reference_id RHSA-2020:1766
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1766
7
reference_url https://usn.ubuntu.com/4053-1/
reference_id USN-4053-1
reference_type
scores
url https://usn.ubuntu.com/4053-1/
fixed_packages
0
url pkg:deb/debian/gvfs@1.38.1-5
purl pkg:deb/debian/gvfs@1.38.1-5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t7wt-xmhu-pkce
1
vulnerability VCID-ucxp-fzcj-7qbw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gvfs@1.38.1-5
aliases CVE-2019-12447
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-payc-kh4b-rbej
2
url VCID-tz9n-snev-vbgy
vulnerability_id VCID-tz9n-snev-vbgy
summary daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12795.json
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12795.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12795
reference_id
reference_type
scores
0
value 0.00066
scoring_system epss
scoring_elements 0.20719
published_at 2026-06-04T12:55:00Z
1
value 0.00066
scoring_system epss
scoring_elements 0.20795
published_at 2026-06-05T12:55:00Z
2
value 0.00066
scoring_system epss
scoring_elements 0.20782
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12795
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12795
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1726505
reference_id 1726505
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1726505
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930376
reference_id 930376
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930376
6
reference_url https://security.archlinux.org/AVG-1007
reference_id AVG-1007
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1007
7
reference_url https://access.redhat.com/errata/RHSA-2019:3553
reference_id RHSA-2019:3553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3553
8
reference_url https://usn.ubuntu.com/4053-1/
reference_id USN-4053-1
reference_type
scores
url https://usn.ubuntu.com/4053-1/
fixed_packages
0
url pkg:deb/debian/gvfs@1.38.1-5
purl pkg:deb/debian/gvfs@1.38.1-5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t7wt-xmhu-pkce
1
vulnerability VCID-ucxp-fzcj-7qbw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gvfs@1.38.1-5
aliases CVE-2019-12795
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tz9n-snev-vbgy
3
url VCID-ynup-ynpk-6yg1
vulnerability_id VCID-ynup-ynpk-6yg1
summary An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3827.json
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3827.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3827
reference_id
reference_type
scores
0
value 0.00061
scoring_system epss
scoring_elements 0.19119
published_at 2026-06-04T12:55:00Z
1
value 0.00061
scoring_system epss
scoring_elements 0.19191
published_at 2026-06-05T12:55:00Z
2
value 0.00061
scoring_system epss
scoring_elements 0.19188
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3827
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3827
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3827
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1665578
reference_id 1665578
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1665578
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921816
reference_id 921816
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921816
6
reference_url https://access.redhat.com/errata/RHSA-2019:1517
reference_id RHSA-2019:1517
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1517
7
reference_url https://access.redhat.com/errata/RHSA-2019:2145
reference_id RHSA-2019:2145
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2145
8
reference_url https://usn.ubuntu.com/3888-1/
reference_id USN-3888-1
reference_type
scores
url https://usn.ubuntu.com/3888-1/
fixed_packages
0
url pkg:deb/debian/gvfs@1.38.1-5
purl pkg:deb/debian/gvfs@1.38.1-5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t7wt-xmhu-pkce
1
vulnerability VCID-ucxp-fzcj-7qbw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gvfs@1.38.1-5
aliases CVE-2019-3827
risk_score 3.1
exploitability 0.5
weighted_severity 6.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ynup-ynpk-6yg1
4
url VCID-zqws-djs8-mye7
vulnerability_id VCID-zqws-djs8-mye7
summary An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12449.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12449.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12449
reference_id
reference_type
scores
0
value 0.006
scoring_system epss
scoring_elements 0.6984
published_at 2026-06-04T12:55:00Z
1
value 0.006
scoring_system epss
scoring_elements 0.69879
published_at 2026-06-05T12:55:00Z
2
value 0.006
scoring_system epss
scoring_elements 0.69888
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12449
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12449
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12449
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1728567
reference_id 1728567
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1728567
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929755
reference_id 929755
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929755
5
reference_url https://security.archlinux.org/AVG-1007
reference_id AVG-1007
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1007
6
reference_url https://access.redhat.com/errata/RHSA-2020:1766
reference_id RHSA-2020:1766
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1766
7
reference_url https://usn.ubuntu.com/4053-1/
reference_id USN-4053-1
reference_type
scores
url https://usn.ubuntu.com/4053-1/
fixed_packages
0
url pkg:deb/debian/gvfs@1.38.1-5
purl pkg:deb/debian/gvfs@1.38.1-5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t7wt-xmhu-pkce
1
vulnerability VCID-ucxp-fzcj-7qbw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gvfs@1.38.1-5
aliases CVE-2019-12449
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zqws-djs8-mye7
Risk_score1.9
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/gvfs@1.38.1-5