How severe is CVE-2019-12795?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2019-12795?

This is classified as CWE-276, which is a common weakness in software security.

CVE-2019-12795 - HIGH Severity | CVSS 7.8

Vulnerability Description

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)

Related Vulnerabilities

CVE-2001-0497

HIGH

CVSS:7.8(High)

dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which all...

CWE-2762001

CVE-2002-1844

HIGH

CVSS:7.8(High)

Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileg...

CWE-2762002

CVE-2005-1941

HIGH

CVSS:7.8(High)

SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code.

CWE-2762005

CVE-2014-7302

HIGH

CVSS:7.8(High)

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx.

CWE-2762014

CVE-2014-7303

HIGH

CVSS:7.8(High)

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc...

CWE-2762014

CVE-2015-7378

HIGH

CVSS:7.8(High)

Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_...

CWE-2762015