37 matches found
EUVD-2018-6554
Malware in sbrugna...
EUVD-2018-6551
Malware in sbrugna...
EUVD-2018-6550
Malware in sbrugna...
EUVD-2018-6552
Malware in sbrugna...
SUSE CVE-2018-10914
It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes...
Privilege Escalation
Gluster file system is vulnerable to privilege escalation. Remote authenticated attackers with access to mount volumes could elevate their privileges via creating arbitrary, empty files on the target server by manipulating FXATTROPENTRYINKEY argument...
Heap overflow
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the 'servergetspec' function via the 'gfgetspecreq' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact...
Null pointer dereference
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GFXATTROPENTRYINKEY' xattrop to create arbitrary, empty files on the target server...
CVE-2018-14652
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GFXATTRCLRLKCMD' xattr in the 'plgetxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of...
CVE-2018-14653
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the 'servergetspec' function via the 'gfgetspecreq' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact...
CVE-2018-14659
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GFXATTRIOSTATSDUMPKEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr2' to trigger a state dump and create...
CVE-2018-14659
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GFXATTRIOSTATSDUMPKEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr2' to trigger a state dump and create...
CVE-2018-14654
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GFXATTROPENTRYINKEY' xattrop to create arbitrary, empty files on the target server...
CVE-2018-14654
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GFXATTROPENTRYINKEY' xattrop to create arbitrary, empty files on the target server...
CVE-2018-14652
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GFXATTRCLRLKCMD' xattr in the 'plgetxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of...
CVE-2018-14653
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the 'servergetspec' function via the 'gfgetspecreq' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact...
CVE-2018-14652
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GFXATTRCLRLKCMD' xattr in the 'plgetxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of...
CVE-2018-14653
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the 'servergetspec' function via the 'gfgetspecreq' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact...
CVE-2018-14659
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GFXATTRIOSTATSDUMPKEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr2' to trigger a state dump and create...
UBUNTU-CVE-2018-14654
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GFXATTROPENTRYINKEY' xattrop to create arbitrary, empty files on the target server...