Gluster Storage@3.0 Security Vulnerabilities and Issues — Gluster Storage@3.0 CVE List

Lucene search

RedhatGluster Storage3.0

10 matches found

CVE•added 2022/02/18 6:15 p.m.•836 views

CVE-2020-25717

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

8.5CVSS8.1AI score0.00152EPSS

CVE•added 2022/02/18 6:15 p.m.•616 views

CVE-2016-2124

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

5.9CVSS7.2AI score0.00681EPSS

CVE•added 2019/04/09 4:29 p.m.•539 views

CVE-2019-3880

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions befor...

5.5CVSS5.6AI score0.03009EPSS

CVE•added 2018/10/08 3:29 p.m.•524 views

CVE-2018-1000808

Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends up...

5.9CVSS6.5AI score0.00164EPSS

CVE•added 2018/07/26 6:29 p.m.•383 views

CVE-2017-12150

It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.

7.4CVSS6.5AI score0.17791EPSS

CVE•added 2018/07/26 4:29 p.m.•381 views

CVE-2017-12163

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server...

7.1CVSS7AI score0.27333EPSS

CVE•added 2018/09/04 3:29 p.m.•237 views

CVE-2018-10928

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on...

8.8CVSS8.6AI score0.01439EPSS

CVE•added 2018/10/31 8:29 p.m.•165 views

CVE-2016-2125

It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

6.5CVSS6.5AI score0.12986EPSS

CVE•added 2020/11/24 5:15 p.m.•113 views

CVE-2020-10763

An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.

5.5CVSS4.9AI score0.00129EPSS

CVE•added 2019/03/25 6:29 p.m.•48 views

CVE-2019-3831

A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.

9CVSS6.9AI score0.00095EPSS