4 matches found
GO-2021-0087 Race condition in github.com/opencontainers/runc
A race while mounting volumes allows a possible symlink-exchange attack, allowing a user whom can start multiple containers with custom volume mount configurations to escape the container...
CVE-2021-22191
There's a flaw in Wireshark. An attacker who sends malicious links with schemes other than http/https over the wire or via a pcapng file, and who is able to get a victim user of Wireshark's user interface to click these links, could perform actions such as mounting volumes, or in some cases...
USN-4770-1 glusterfs vulnerabilities
It was discovered that GlusterFS incorrectly handled network requests. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM. CVE-2014-3619 It was discovered that GlusterFS incorrectly handled user permissions. An authenticated attacker...
PT-2018-3746 · Red Hat +3 · Gluster +3
Name of the Vulnerable Software and Affected Versions: gluster versions 3.x Description: The issue is related to a privilege escalation flaw in the gluster snapshot scheduler, which can be exploited by scheduling a malicious cronjob via symlink. This flaw allows an attacker to escalate privileges...