Lucene search
K
RedhatGluster Storage

25 matches found

CVE
CVE
added 2014/04/07 12:0 a.m.4346 views

CVE-2014-0160

CVE-2014-0160 (Heartbleed) is an information-disclosure vulnerability in OpenSSL’s TLS/DTLS heartbeat implementation. Affected: OpenSSL 1.0.1 before 1.0.1g. Root cause: improper handling of the Heartbeat extension (d1_both.c, t1_lib.c) leading to a buffer over-read, enabling an attacker to read m...

7.5CVSS7.5AI score0.99999EPSS
In wild
CVE
CVE
added 2022/02/21 2:30 p.m.1225 views

CVE-2021-44142

The CVE-2021-44142 issue is in the Samba vfs_fruit module. It allows out-of-bounds heap read/write via specially crafted extended file attributes (xattrs) when vfs_fruit is configured on Samba versions older than 4.13.17, 4.14.12, and 4.15.5. A remote attacker with write access to xattrs can exec...

9CVSS8.9AI score0.74042EPSS
CVE
CVE
added 2022/02/18 12:0 a.m.903 views

CVE-2020-25717

CVE-2020-25717 affects Samba: an authenticated user mapping domain users to local users can lead to privilege escalation. Public references in Connected documents confirm this is a Samba issue (no exploit details provided here). Several advisories and vendor notes indicate patches or updated pack...

8.5CVSS8.1AI score0.01612EPSS
CVE
CVE
added 2022/02/18 12:0 a.m.669 views

CVE-2016-2124

CVE-2016-2124 is a Samba SMB1 authentication flaw. The vulnerability lets an attacker retrieve plaintext passwords sent over the wire, even when Kerberos may be required. Connected sources confirm Samba SMB1 handling is at issue, with advisories across Red Hat, Amazon Linux 2/ALAS, Alpine and Clo...

5.9CVSS7.2AI score0.01752EPSS
CVE
CVE
added 2019/04/09 3:18 p.m.584 views

CVE-2019-3880

CVE-2019-3880 affects Samba where an RPC endpoint emulating Windows registry API can be abused by an unprivileged user to save a registry hive file outside the share, potentially creating a new file in the Samba share. Affected versions are pre-4.8.11, pre-4.9.6 and pre-4.10.2. Red Hat/CentOS and...

5.5CVSS5.6AI score0.03392EPSS
CVE
CVE
added 2018/10/08 3:0 p.m.549 views

CVE-2018-1000808

CVE-2018-1000808 affects Python Cryptographic Authority pyopenssl prior to 17.5.0, describing a CWE-401 use-after-free in PKCS#12 Store handling that can lead to a Denial of Service when memory is constrained. The issue arises when loading/reloading certificates from PKCS#12, potentially triggere...

5.9CVSS6.5AI score0.01895EPSS
CVE
CVE
added 2018/07/26 4:0 p.m.439 views

CVE-2017-12163

CVE-2017-12163 is an information-leak in Samba SMB1 processing that can enable a malicious client to dump server memory to a file on a Samba share or a shared printer. Affected: Samba prior to 4.4.16 (4.5.x before 4.5.14, 4.6.x before 4.6.8). Impact: partial confidentiality of memory; exact memor...

7.1CVSS7AI score0.0759EPSS
CVE
CVE
added 2018/07/26 6:0 p.m.423 views

CVE-2017-12150

CVE-2017-12150 affects Samba releases that did not enforce SMB signing when certain configuration options were enabled, enabling a remote attacker to perform a MITM and read plaintext data. Affected versions include Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. Remediation: up...

7.4CVSS6.5AI score0.13228EPSS
CVE
CVE
added 2018/07/19 1:0 p.m.373 views

CVE-2017-7481

CVE-2017-7481 affects Ansible before versions 2.3.1.0 and 2.4.0.0, where lookup-plugin results could be marked unsafe, allowing code execution via jinja2 if an attacker controls lookup() results. The description and connected advisories confirm the vulnerability originates from unsafe lookup resu...

9.8CVSS9.3AI score0.04804EPSS
In wild
CVE
CVE
added 2018/07/13 10:0 p.m.273 views

CVE-2018-10875

CVE-2018-10875 affects Ansible where ansible.cfg is read from the current working directory, allowing an attacker to influence the plugin/module path and potentially execute arbitrary code. The issue arises because the CWD can be manipulated to point to controlled code. Red Hat/Ubuntu/openSUSE ad...

7.8CVSS7.7AI score0.00587EPSS
CVE
CVE
added 2018/09/04 3:0 p.m.267 views

CVE-2018-10928

GlusterFS vulnerability CVE-2018-10928: an authenticated remote attacker could exploit improper validation of RPC requests via gfs3_symlink_req to create arbitrary symlinks outside the volume and potentially execute code on the server. Public advisories document multiple remediation streams acros...

8.8CVSS8.6AI score0.02699EPSS
CVE
CVE
added 2018/04/18 4:0 p.m.247 views

CVE-2018-1088

CVE-2018-1088 affects GlusterFS 3.x via the snapshot scheduler: an unauthenticated client could exploit the scheduler to mount shared storage and escalate privileges by scheduling a malicious cronjob via a symlink. The issue is tied to a regression/regression-related chain (CVE-2018-1112) in patc...

8.1CVSS8AI score0.05374EPSS
CVE
CVE
added 2012/03/22 4:0 p.m.212 views

CVE-2011-3045

CVE-2011-3045 describes an integer signedness error in libpng’s png_inflate (pngrutil.c) affecting libpng before 1.4.10beta01. The vulnerability, cited as used in Google Chrome before 17.0.963.83 and other products, can cause a denial of service (application crash) or potentially allow arbitrary ...

8.8CVSS9AI score0.03567EPSS
CVE
CVE
added 2018/10/31 8:0 p.m.202 views

CVE-2016-2125

CVE-2016-2125 affects Samba before 4.5.3, 4.4.8, and 4.3.13: Samba clients always request forwardable Kerberos tickets, allowing a service authenticated by Kerberos to impersonate Samba to other services or domain users. Connected advisories from Red Hat, CentOS, Debian, Fedora, and Alpine report...

6.5CVSS6.5AI score0.09199EPSS
CVE
CVE
added 2018/10/31 7:0 p.m.191 views

CVE-2018-14654

CVE-2018-14654 affects GlusterFS (up to 4.1.x) via the GF_XATTROP_ENTRY_IN_KEY path in the translator used during mounting, allowing a remote attacker with access to mounted volumes to create arbitrary, empty files on the server. Exploitation details are not provided in the given documents. Remed...

8.5CVSS7.1AI score0.0263EPSS
CVE
CVE
added 2018/10/31 7:0 p.m.177 views

CVE-2018-14652

CVE-2018-14652 affects GlusterFS up to 3.12 and 4.1.4. A buffer overflow can occur in the features/index translator via GF_XATTR_CLRLK_CMD in pl_getxattr, allowing a remote authenticated attacker to cause a denial of service on a mounted volume. The provided documents do not include specifics on ...

6.5CVSS7.2AI score0.02747EPSS
CVE
CVE
added 2018/10/31 7:0 p.m.174 views

CVE-2018-14653

CVE-2018-14653 affects GlusterFS up to versions 4.1.4 and 3.12, with a heap-based buffer overflow in the __server_getspec path triggered by the gf_getspec_req RPC message. A remote authenticated attacker could cause a denial of service and potentially other unspecified impact. Connected advisorie...

8.8CVSS8.3AI score0.02769EPSS
CVE
CVE
added 2020/11/24 4:17 p.m.149 views

CVE-2020-10763

The CVE-2020-10763 issue concerns Heketi before 10.1.0 where sensitive data (gluster-block passwords) can be disclosed via logs. The flaw requires local access to the Heketi server and arises from how logging is performed, allowing an attacker to read password details in logs. Public advisories r...

5.5CVSS4.9AI score0.00414EPSS
CVE
CVE
added 2017/11/08 7:0 p.m.89 views

CVE-2017-15087

CVE-2017-15087 is a descriptor indicating that the fix for CVE-2017-12163 was not properly shipped in the erratum RHSA-2017:3110 for Red Hat Gluster Storage 3.3 on RHEL 6. Connected records show CVE-2017-12163 concerns an SMB1 information-leak in Samba, but there are no additional technical detai...

7.5CVSS7.2AI score0.0208EPSS
CVE
CVE
added 2017/06/27 8:0 p.m.85 views

CVE-2015-1795

CVE-2015-1795 affects Red Hat Gluster Storage 3.2.0. The vulnerability is a local privilege escalation where a local user could gain root privileges and execute arbitrary code, related to glusterfs-server packaging. RHSA-2017:0484/0486 indicate the fix/update path, upgrading glusterfs to 3.8.4 an...

7.8CVSS7.9AI score0.00457EPSS
CVE
CVE
added 2017/11/08 7:0 p.m.76 views

CVE-2017-15086

CVE-2017-15086 notes that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:3110 for Red Hat Gluster Storage 3.3 on RHEL 6. The connected CVE-2017-12151 entry describes a MITM risk due to SMB signing/encryption handling in Samba (e.g., DFS redirects and libsmbclient usage)....

7.4CVSS7.4AI score0.01715EPSS
CVE
CVE
added 2019/03/25 5:12 p.m.72 views

CVE-2019-3831

CVE-2019-3831 affects vdsm, versions 4.19–4.30.3 and 4.30.5–4.30.8. The vulnerability arises from the systemd_run function exposed to the vdsm system user, which could be abused to execute arbitrary commands as root. The provided documents do not specify exploit details beyond this or a concrete ...

9CVSS6.9AI score0.01029EPSS
CVE
CVE
added 2017/11/08 7:0 p.m.71 views

CVE-2017-15085

CVE-2017-15085 notes that the fix for CVE-2017-12150 was not properly shipped in RHSA-2017:3110 for Red Hat Gluster Storage 3.3 on RHEL 6. The connected advisories confirm CVE-2017-12150, CVE-2017-12151, and CVE-2017-12163 relate to Samba security fixes (SMB signing, DFS/SMB2 encryption handling,...

5.9CVSS6.5AI score0.01715EPSS
CVE
CVE
added 2018/09/11 3:0 p.m.69 views

CVE-2018-1127

CVE-2018-1127 affects Tendrl API in Red Hat Gluster Storage prior to 3.4.0, where session tokens are not immediately invalidated on logout and remain usable for a short window. This allows an attacker who captured tokens (e.g., via sniffing/MITM) to replay them and authenticate as the target user...

8.1CVSS8AI score0.01265EPSS
CVE
CVE
added 2015/11/25 8:0 p.m.66 views

CVE-2015-5242

CVE-2015-5242 affects OpenStack Swift-on-File (swiftonfile). The issue arises from loading metadata with Python’s pickle without proper restrictions, enabling a remote authenticated user to execute arbitrary code via crafted xattrs. Documented impact is remote code execution on the storage node; ...

6CVSS7.4AI score0.0223EPSS