Lucene search
K
RedhatStorage

31 matches found

CVE
CVE
added 2014/06/05 9:0 p.m.15804 views

CVE-2014-3470

CVE-2014-3470 is an OpenSSL vulnerability where the ssl3_send_client_key_exchange in s3_clnt.c can trigger a NULL certificate value when using anonymous ECDH cipher suites, leading to a denial-of-service via NULL pointer dereference and client crash. Affected OpenSSL versions are before 0.9.8za, ...

4.3CVSS7.4AI score0.85784EPSS
CVE
CVE
added 2023/12/18 12:0 a.m.4929 views

CVE-2023-48795

CVE-2023-48795 is referenced across several connected advisories, detailing affected packages and required upgrades. Astra Linux/CBL-Mariner entries note: podman (<5.6.1-2) needs upgrade, erlang (<25.2-1), libssh2 (<1.11.1-1), libssh (<0.10.6-1), terraform (<1.3.2-25), kubevirt (&l...

5.9CVSS6.7AI score0.93305EPSS
CVE
CVE
added 2014/04/07 12:0 a.m.4353 views

CVE-2014-0160

CVE-2014-0160 (Heartbleed) is an information-disclosure vulnerability in OpenSSL’s TLS/DTLS heartbeat implementation. Affected: OpenSSL 1.0.1 before 1.0.1g. Root cause: improper handling of the Heartbeat extension (d1_both.c, t1_lib.c) leading to a buffer over-read, enabling an attacker to read m...

7.5CVSS7.5AI score0.99999EPSS
In wild
CVE
CVE
added 2012/05/11 10:0 a.m.1942 views

CVE-2012-1823

CVE-2012-1823 affects PHP when run as CGI (php-cgi). The issue is that sapi/cgi/cgi_main.c mishandles query strings without an =, enabling remote code execution by passing command-line options in the query. Affected PHP versions include 5.3.x up to 5.3.12 and 5.4.x up to 5.4.2, with exploitation ...

9.8CVSS9.9AI score0.99998EPSS
In wildWeb
CVE
CVE
added 2012/01/28 2:0 a.m.1207 views

CVE-2012-0053

CVE-2012-0053 affects Apache HTTP Server 2.2.x up to 2.2.21. The flaw in protocol.c during 400 error page construction can reveal HTTPOnly cookie values via long/malformed headers with crafted scripts. Remediation per advisories: upgrade to 2.2.22 or later (e.g., httpd 2.2.22).

4.3CVSS6.2AI score0.82756EPSS
CVE
CVE
added 2023/11/03 12:32 p.m.900 views

CVE-2023-3961

Samba (smbd) is affected by CVE-2023-3961 due to insufficient sanitization of client pipe names for Unix domain sockets, enabling a path traversal that could let a client connect as root to sockets outside the private directory. Exploitation details are not provided beyond this risk, but multiple...

9.8CVSS9.3AI score0.02409EPSS
CVE
CVE
added 2012/01/18 8:0 p.m.832 views

CVE-2012-0031

CVE-2012-0031 affects Apache HTTP Server 2.2.21 and earlier, specifically scoreboard.c. The vulnerability allows local users to cause a denial of service (daemon crash during shutdown) or potentially other unspecified impact by modifying a type field in a shared scoreboard Memory segment, which l...

4.6CVSS7AI score0.02905EPSS
CVE
CVE
added 2014/06/05 9:0 p.m.794 views

CVE-2014-0224

CVE-2014-0224 describes an OpenSSL ChangeCipherSpec (CCS) handling flaw that can enable a Man-in-the-Middle to force use of weak key material in TLS/SSL sessions, allowing traffic decryption or modification between vulnerable client and server. The initial OpenSSL disclosures specify affected ser...

7.4CVSS7.5AI score0.95326EPSS
CVE
CVE
added 2020/12/03 12:0 a.m.671 views

CVE-2020-14318

CVE-2020-14318 is a Samba security issue: a missing handle permissions check in ChangeNotify could allow an authenticated user to access file/directory information that should be restricted. Connected documents confirm Samba as the affected product and specify the vulnerable component/function (C...

4.3CVSS5.6AI score0.01521EPSS
CVE
CVE
added 2023/11/03 7:56 a.m.617 views

CVE-2023-4091

CVE-2023-4091 affects Samba, where the acl_xattr VFS module can allow an SMB client to truncate files to zero bytes even when opened with read-only access. This occurs when acl_xattr:ignore system acls = yes and the client uses an OVERWRITE create disposition, bypassing kernel permissions checks....

6.5CVSS7AI score0.01174EPSS
CVE
CVE
added 2020/07/07 1:38 p.m.581 views

CVE-2020-10730

CVE-2020-10730 affects the Samba AD DC LDAP Server (ASQ, VLV, and paged_results) with a NULL pointer dereference/use-after-free in affected builds prior to 4.10.17, 4.11.11, and 4.12.4. The root cause is in handling certain LDAP controls in the AD DC LDAP server, with the issue also present in th...

6.5CVSS6.8AI score0.0244EPSS
CVE
CVE
added 2022/02/21 12:0 a.m.472 views

CVE-2021-44141

CVE-2021-44141 affects Samba. All versions prior to 4.15.5 are vulnerable to a server-symlink race that lets a malicious client determine existence of files/dirs outside the exported share, with SMB1 and UNIX extensions enabled required for exploitation. The issue is mitigated by upgrading to a f...

4.3CVSS6.1AI score0.01097EPSS
CVE
CVE
added 2020/01/21 12:0 a.m.449 views

CVE-2019-14907

Summary (CVE-2019-14907) : Samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12, and 4.11.x before 4.11.5 have a flaw where, if log level is set to 3 or higher, a client string obtained after a failed character conversion can be printed during NTLMSSP negotiation. In the Samba AD DC this may...

6.5CVSS6.5AI score0.03151EPSS
CVE
CVE
added 2022/08/23 3:50 p.m.323 views

CVE-2021-3670

The CVE-2021-3670 issue concerns the Samba ldb LDAP server: MaxQueryDuration is not honoured in the AD DC LDAP path, allowing potential denial-of-service by overloading LDAP. Affected: Samba’s ldb/LDAP component; root cause is LDAP query duration not being enforced. Impact: DoS via excessive LDAP...

6.5CVSS6.4AI score0.01716EPSS
CVE
CVE
added 2023/11/06 6:57 a.m.300 views

CVE-2023-42669

Samba CVE-2023-42669 describes denial of service via the rpcecho development server. The vulnerability stems from an RPC function that can be blocked indefinitely because rpcecho runs with a single worker in the main RPC task, allowing calls to sleep for a specified duration and block, potentiall...

6.5CVSS7.7AI score0.01723EPSS
CVE
CVE
added 2012/07/03 7:0 p.m.291 views

CVE-2012-0876

The CVE-2012-0876 issue affects the Expat XML parser (xmlparse.c) prior to version 2.1.0, where hash initialization is not salted to prevent hash collisions. This enables context-dependent attackers to trigger collision-based DoS via XML files with many identical identifiers. References and downs...

4.3CVSS7.4AI score0.05724EPSS
CVE
CVE
added 2023/07/20 2:58 p.m.267 views

CVE-2023-34968

CVE-2023-34968 refers to Samba Spotlight mdssvc RPC path disclosure, where the server-side absolute path of shares/files is exposed in search results. Connected sources confirm this is a Samba issue in the Spotlight path return handling and list it among related CVEs (e.g., CVEs 2022-2127, 2023-3...

5.3CVSS5.7AI score0.01185EPSS
CVE
CVE
added 2023/07/20 2:54 p.m.216 views

CVE-2023-3347

Samba SMB2 packet signing was not enforced when server signing is required, enabling potential tampering of SMB2 traffic and compromising data integrity. The CVE affects Samba and has multiple advisories (e.g., ALMAS/Errata entries) linking to CVE-2023-3347. Connected documents indicate remediati...

5.9CVSS5.5AI score0.0039EPSS
CVE
CVE
added 2012/03/22 4:0 p.m.212 views

CVE-2011-3045

CVE-2011-3045 describes an integer signedness error in libpng’s png_inflate (pngrutil.c) affecting libpng before 1.4.10beta01. The vulnerability, cited as used in Google Chrome before 17.0.963.83 and other products, can cause a denial of service (application crash) or potentially allow arbitrary ...

8.8CVSS9AI score0.03567EPSS
CVE
CVE
added 2020/05/11 12:0 a.m.212 views

CVE-2020-10685

CVE-2020-10685 affects Ansible Engine versions 2.7.x before 2.7.17, 2.8.x before 2.8.11, 2.9.x before 2.9.7, and Ansible Tower up to 3.6.3, when using vault-decrypting modules (assemble, script, unarchive, win_copy, aws_s3, copy). A temporary directory is created in /tmp and left unencrypted; on ...

5.5CVSS5.8AI score0.00376EPSS
CVE
CVE
added 2022/03/21 7:51 p.m.198 views

CVE-2022-26148

Grafana (through 7.3.4) integrated with Zabbix contains a credentials disclosure flaw: the Zabbix password and URL can be exposed by inspecting api_jsonrpc.php in the HTML source after login/registration, enabling an attacker with access to the app to obtain sensitive Zabbix credentials. Root cau...

9.8CVSS9.4AI score0.53439EPSS
CVE
CVE
added 2012/06/05 10:0 p.m.188 views

CVE-2012-0247

CVE-2012-0247 affects ImageMagick 6.7.5-7 and earlier. The vulnerability allows remote attackers to cause memory corruption and potentially execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0. Connected advisories document that patches exist acros...

8.8CVSS8.3AI score0.03816EPSS
CVE
CVE
added 2014/06/05 9:0 p.m.181 views

CVE-2014-0221

The CVE concerns OpenSSL: the function dtls1_get_message_fragment in d1_both.c is vulnerable to a DoS via an invalid DTLS handshake. Affected are OpenSSL binaries prior to 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h. In practice, a remote attacker can trigger recursion and a client cras...

4.3CVSS6.8AI score0.87892EPSS
CVE
CVE
added 2012/06/05 11:0 p.m.120 views

CVE-2012-1938

CVE-2012-1938 affects Mozilla's browser engine and is described in the MiracleLinux AXSA:2012-857 advisory as multiple vulnerabilities in Firefox (and related components) that could allow memory corruption and remote code execution. Specifically, it impacts Mozilla Firefox before 13.0, Thunderbir...

9.3CVSS9.9AI score0.04899EPSS
CVE
CVE
added 2012/10/22 11:0 p.m.106 views

CVE-2012-4406

OpenStack Swift prior to 1.7.0 is vulnerable: it uses the pickle loads function to serialize/deserialize metadata in memcached, enabling remote code execution via a crafted pickle object. Public advisories (RHSA-2012:1379) note that a fix exists but is not enabled by default; remediation involves...

9.8CVSS9.4AI score0.06518EPSS
CVE
CVE
added 2022/09/01 8:30 p.m.106 views

CVE-2022-2447

CVE-2022-2447 affects OpenStack Keystone. A time lag (up to one hour) between policy revocation and actual revocation could let a remote administrator maintain access longer than expected. Related advisories (e.g., Ubuntu USN-7926-1) reference this CVE and indicate that updates are available; app...

6.6CVSS6.4AI score0.00607EPSS
CVE
CVE
added 2012/06/17 1:0 a.m.93 views

CVE-2012-0037

The CVE-2012-0037 issue affects Redland Raptor (libraptor) and is triggered when parsing RDF/XML with an XXE declaration. The vulnerability allows user-assisted remote attackers to read arbitrary files via crafted RDF documents, as observed in libraptor versions used by OpenOffice/LibreOffice lin...

6.5CVSS6.2AI score0.13682EPSS
CVE
CVE
added 2012/06/05 10:0 p.m.92 views

CVE-2012-0248

CVE-2012-0248 affects ImageMagick 6.7.5-7 and earlier, enabling remote DoS (infinite loop/hang) via a crafted image whose IFD contains IOP tags referencing the start of the IDF. The connected sources confirm the affected version range and the attack vector is remote, with impact limited to denial...

5.5CVSS6.2AI score0.02096EPSS
CVE
CVE
added 2012/06/05 10:0 p.m.90 views

CVE-2012-0260

CVE-2012-0260 affects ImageMagick prior to 6.7.6-3: the JPEGWarningHandler in coders/jpeg.c can be triggered by a crafted JPEG with specific restart marker sequences, causing memory consumption DoS. Affected versions are ImageMagick before 6.7.6-3; remediation is to upgrade to a fixed release (6....

6.5CVSS6.7AI score0.0236EPSS
CVE
CVE
added 2012/06/05 10:0 p.m.81 views

CVE-2012-1798

CVE-2012-1798 affects ImageMagick prior to 6.7.6-3. The TIFFGetEXIFProperties function in coders/tiff.c allows a remote attacker to trigger a denial of service via a crafted EXIF IFD in a TIFF image, causing an out-of-bounds read and crash. The vulnerability context is consistent with reports tha...

6.5CVSS6.7AI score0.02397EPSS
CVE
CVE
added 2019/11/04 6:50 p.m.57 views

CVE-2013-4280

CVE-2013-4280 affects RedHat vsdm 4.9.6 with an insecure temporary file vulnerability. The vulnerability’s impact is limited to integrity (I:H) with no confidentiality or availability impact per CVSS. It is a local-attack, low-complexity issue without required user interaction. Connected Nessus d...

5.5CVSS5.5AI score0.00422EPSS