Lucene search
K

153 matches found

Veracode
Veracode
added 2019/01/15 8:51 a.m.30 views

Denial Of Service (DoS)

samba is vulnerable to denial of service. An integer overflow vulnerability allows an attacker to send a malicious Extended Attribute EA list to cause the server to utilize excessive amount of memory to loop and reprocess the list Samba, potentially crashing the process...

5CVSS6AI score0.69008EPSS
Exploits7References27Affected Software3
RedHat Linux
RedHat Linux
added 2018/11/05 2:57 p.m.5 views

glusterfs: Unlimited file creation via "GF_XATTR_IOSTATS_DUMP_KEY" xattr allows for denial of service

A flaw was found in glusterfs server which allowed clients to create io-stats dumps on server node. A remote, authenticated attacker could use this flaw to create io-stats dump on a server without any limitation and utilizing all available inodes resulting in remote denial of service...

6.5CVSS7.3AI score0.02172EPSS
Exploits0References4
OSV
OSV
added 2018/11/01 2:29 p.m.2 views

DEBIAN-CVE-2018-14660

A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GFMETALOCKKEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs serv...

6.5CVSS6.5AI score0.02515EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/10/31 8:43 a.m.5 views

glusterfs: Repeat use of "GF_META_LOCK_KEY" xattr allows for memory exhaustion

A flaw was found in glusterfs server which allowed repeated usage of GFMETALOCKKEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node...

6.5CVSS7.3AI score0.02515EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/10/31 8:43 a.m.6 views

glusterfs: Unlimited file creation via "GF_XATTR_IOSTATS_DUMP_KEY" xattr allows for denial of service

A flaw was found in glusterfs server which allowed clients to create io-stats dumps on server node. A remote, authenticated attacker could use this flaw to create io-stats dump on a server without any limitation and utilizing all available inodes resulting in remote denial of service...

6.5CVSS7.3AI score0.02172EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/10/31 8:43 a.m.4 views

glusterfs: Buffer overflow in "features/locks" translator allows for denial of service

A buffer overflow was found in strncpy of the plgetxattr function. An authenticated attacker could remotely overflow the buffer by sending a buffer of larger length than the size of the key resulting in remote denial of service...

6.5CVSS7.6AI score0.02747EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/10/31 8:43 a.m.4 views

glusterfs: Buffer overflow in "features/locks" translator allows for denial of service

A buffer overflow was found in strncpy of the plgetxattr function. An authenticated attacker could remotely overflow the buffer by sending a buffer of larger length than the size of the key resulting in remote denial of service...

6.5CVSS7.6AI score0.02747EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/10/31 8:43 a.m.4 views

glusterfs: Unlimited file creation via "GF_XATTR_IOSTATS_DUMP_KEY" xattr allows for denial of service

A flaw was found in glusterfs server which allowed clients to create io-stats dumps on server node. A remote, authenticated attacker could use this flaw to create io-stats dump on a server without any limitation and utilizing all available inodes resulting in remote denial of service...

6.5CVSS7.3AI score0.02172EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2018/10/31 12:0 a.m.2 views

PT-2018-12649 · Red Hat +1 · Gluster +1

Name of the Vulnerable Software and Affected Versions: Gluster file system versions 3.1.2 through 4.1.4 Description: The issue allows a remote, authenticated attacker to perform a denial of service attack by utilizing the GF XATTR IOSTATS DUMP KEY xattr. This can be exploited by mounting a Gluste...

8.8CVSS6.6AI score0.05374EPSS
Exploits1References74
OSV
OSV
added 2018/09/04 2:29 p.m.1 views

DEBIAN-CVE-2018-10914

It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes...

6.5CVSS6.9AI score0.02447EPSS
Exploits0References1
NVD
NVD
added 2018/09/04 1:29 p.m.19 views

CVE-2018-10904

It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient...

8.8CVSS8.8AI score0.03024EPSS
Exploits0References9
OSV
OSV
added 2018/09/04 1:29 p.m.24 views

CVE-2018-10904

It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient...

8.8CVSS7AI score0.03024EPSS
Exploits0References9
Prion
Prion
added 2018/09/04 1:29 p.m.34 views

Code injection

It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient...

6.5CVSS8.7AI score0.03024EPSS
Exploits0References9Affected Software5
0day.today
0day.today
added 2018/06/05 12:0 a.m.95 views

Linux Kernel 4.16.11 #LinuxKernel - #ext4_read_inline_data() Memory Corruption Exploit

Exploit for linux platform in category dos / poc ext4 can store data for small regular files as "inline data", meaning that the data is stored inside the corresponding inode instead of in separate blocks. Inline data is stored in two places: The first 60 bytes go in the iblock field in the inode...

6.6AI score0.16352EPSS
Exploits4
NVD
NVD
added 2018/05/24 6:29 p.m.25 views

CVE-2018-11412

In the Linux kernel 4.13 through 4.16.11, ext4readinlinedata in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode...

5.9CVSS5.4AI score0.16352EPSS
Exploits4References8
Cvelist
Cvelist
added 2018/05/24 6:0 p.m.20 views

CVE-2018-11412

In the Linux kernel 4.13 through 4.16.11, ext4readinlinedata in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode...

6AI score0.16352EPSS
Exploits4References8
Packet Storm
Packet Storm
added 2018/05/24 12:0 a.m.36 views

Linux Ext4 Out-Of-Bounds Memcpy

Linux ext4: out-of-bounds memcpy via non-inline system.data xattr ext4 can store data for small regular files as "inline data", meaning that the data is stored inside the corresponding inode instead of in separate blocks. Inline data is stored in two places: The first 60 bytes go in the iblock...

7.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2017/11/20 12:0 a.m.21 views

Rsync receive_xattr Heap-based Buffer Overread (CVE-2017-16548)

A heap-based buffer overread vulnerability exists in the receivexattr function of rsync. The vulnerability is due to an error in processing non NULL terminated extended attribute name strings in certain cases when using the rsync protocol. A remote, unauthenticated attacker could exploit this...

7.5CVSS4.4AI score0.05163EPSS
Exploits0
Packet Storm
Packet Storm
added 2017/09/30 12:0 a.m.56 views

Mac OS X Local Javascript Quarantine Bypass

Advisory ID: SGMA17-002 Title: Mac OS X Local Javascript Quarantine Bypass Product: Mac OS X Version: 10.12, 10.11, 10.10 and probably prior Vendor: apple.com Type: DOM Based XSS Risk level: 3 / 5 Credits: [email protected] CVE: N/A Vendor notification: 2017-07-27 Vendor fix:...

7.4AI score
Exploits0
0day.today
0day.today
added 2017/09/29 12:0 a.m.35 views

Mac OS X Local Javascript Quarantine Bypass youtube Vulnerability

Exploit for macOS platform in category local exploits Details Mac OS X contains a vulnerability that allows the bypass of the Apple Quarantine and the execution of arbitrary Javascript code without restrictions. Basically, Apple's Quarantine works by setting an extended attribute to downloaded...

6.8AI score
Exploits0
Rows per page
Query Builder