84 matches found
CVE-2023-6536
CVE-2023-6536 is a Linux kernel NVMe over TCP issue. The connected documents confirm a NULL pointer dereference in the NVMe target (nvmet_tcp_build_iovec and related paths) that could cause a kernel panic and denial of service. Affected software is the Linux kernel’s NVMe over TCP stack (nvmet_tc...
CVE-2018-5848
CVE-2018-5848 concerns the Linux kernel function wmi_set_ie(), where unsigned integer overflow in length validation can lead to a buffer overflow when processing the ie_len argument. The description across connected Nessus entries ties this to memory corruption and potential system crash, affecti...
CVE-2018-10875
CVE-2018-10875 affects Ansible where ansible.cfg is read from the current working directory, allowing an attacker to influence the plugin/module path and potentially execute arbitrary code. The issue arises because the CWD can be manipulated to point to controlled code. Red Hat/Ubuntu/openSUSE ad...
CVE-2018-10929
CVE-2018-10929 affects GlusterFS (server side), where an authenticated attacker could exploit improper validation in the RPC path (gfs2_create_req) to create arbitrary files and potentially execute arbitrary code on storage server nodes. Connected advisories reference multiple vendors (Debian, Re...
CVE-2023-6356
CVE-2023-6356 is a Linux kernel vulnerability in the NVMe driver affecting NVMe over TCP. The connected Nessus entries enumerate the issue as a NULL pointer dereference in the NVMe target path (nvmet_tcp_build_iovec/nvmet_tcp_execute_request/__nvmet_req_complete), which can lead to kernel panic a...
CVE-2018-10928
GlusterFS vulnerability CVE-2018-10928: an authenticated remote attacker could exploit improper validation of RPC requests via gfs3_symlink_req to create arbitrary symlinks outside the volume and potentially execute code on the server. Public advisories document multiple remediation streams acros...
CVE-2018-5750
Technical details beyond the initial description are not present in the connected documents. The CVE-2018-5750 issue in the Linux kernel (via acpi_smbus_hc_add and SBS HC printk) is described in the Initial document as a local information disclosure; no additional public exploit/vendor-specific d...
CVE-2018-1118
CVE-2018-1118 affects the Linux kernel vhost path used by /dev/vhost-net. The issue is improper memory initialization in vhost/vhost.c:vhost_new_msg(), enabling a local unprivileged user to read kernel memory contents. The vulnerability arises from memory not being initialized before being passed...
CVE-2018-10927
CVE-2018-10927 affects GlusterFS where an authenticated attacker could abuse RPC gfs3_lookup_req to leak information and cause remote denial of service by crashing the gluster brick process. Exploitation details in connected IBM PowerKVM advisory tied to PowerKVM 3.1; fixed in PowerKVM 3.1.0.2 up...
CVE-2021-3620
CVE-2021-3620 is a disclosure vulnerability in Ansible Engine's ansible-connection module where sensitive information such as the Ansible user credentials is exposed in traceback messages. The issue is documented across multiple sources (IBM Spectrum Fusion HCI bulletin, Debian LTS advisory, and ...
CVE-2021-3501
CVE-2021-3501 affects Linux kernels prior to 5.12. The vulnerability arises from the KVM API: the internal.ndata value is mapped to an array index and can be updated by a user process at any time, enabling an out-of-bounds write. Documented impact is data integrity and system availability. A patc...
CVE-2018-11236
Summary (CVE-2018-11236) : In glibc, the realpath path processing path can trigger an integer overflow in 32-bit builds within stdlib/canonicalize.c when handling very long pathname arguments, producing a stack-based buffer overflow and potentially arbitrary code execution. The vulnerability affe...
CVE-2021-3659
CVE-2021-3659 is a local NULL pointer dereference in the Linux kernel’s IEEE 802.15.4 LR-WPAN subsystem. The specific code path cited in connected sources is a NULL pointer dereference in llsec_key_alloc() within net/mac802154/llsec.c, which can be triggered during LR-WPAN connection closure and ...
CVE-2018-1088
CVE-2018-1088 affects GlusterFS 3.x via the snapshot scheduler: an unauthenticated client could exploit the scheduler to mount shared storage and escalate privileges by scheduling a malicious cronjob via a symlink. The issue is tied to a regression/regression-related chain (CVE-2018-1112) in patc...
CVE-2018-10907
CVE-2018-10907 is a vulnerability in GlusterFS where the server-rpc-fopc.c code path allocates fixed-size buffers with alloca(3). An authenticated attacker mounting a Gluster volume could send a string longer than the fixed buffer, causing a stack-based overflow that may crash the glusterfs serve...
CVE-2018-10913
CVE-2018-10913 affects GlusterFS server. The vulnerability allows an attacker to issue a xattr request via GlusterFS FUSE to determine the existence of files, causing an information disclosure. The connected Nessus/EulerOS Debian advisories list CVE-2018-10913 among multiple GlusterFS issues and ...
CVE-2018-10904
CVE-2018-10904 affects GlusterFS servers. The vulnerability arises from improper sanitization of file paths in the trusted.io-stats-dump extended attribute used by the debug/io-stats translator. An attacker with sufficient access to modify extended attributes on a Gluster volume can create files ...
CVE-2018-10911
CVE-2018-10911 affects glusterfs; the dict_unserialize function mishandles negative key length values, allowing a remote attacker to read memory from other locations into the stored dict value. The IBM PowerKVM advisory (and related Red Hat/CentOS/Debian advisories) document remote-authenticated/...
CVE-2018-8088
CVE-2018-8088 details (normal mode) : The issue affects SLF4J’s slf4j-ext EventData in QOS.CH SLF4J before 1.8.0-beta2, where crafted data can bypass access restrictions. The fix is in SLF4J 1.7.26+ and in the 2.0.x series. Connected advisories corroborate the vulnerability description across Lin...
CVE-2018-10873
CVE-2018-10873 affects SPICE before 0.14.1: a missing bounds check in demarshal.py:write_validate_array_item can be exploited by an authenticated remote peer to crash the SPICE client/server. Public advisories (Debian, IBM, Mageia/CentOS) describe denial of service and potential code execution im...
CVE-2018-10914
CVE-2018-10914 is a GlusterFS vulnerability where an attacker can issue a xattr request via glusterfs FUSE to crash the gluster brick process, and if multiplexing is enabled, cause crashes across multiple bricks and volumes, enabling a remote denial of service. The issue is documented across mult...
CVE-2018-10923
CVE-2018-10923 affects GlusterFS server. The description in the connected documents shows that the vulnerability arises from the mknod(2) pathway, allowing an authenticated attacker to create device files on a GlusterFS server node and read data from any device attached to the server. This indica...
CVE-2018-5968
CVE-2018-5968 concerns FasterXML jackson-databind deserialization. The entry notes unauthenticated remote code execution via two gadgets that bypass a blacklist, stemming from an incomplete fix for CVE-2017-7525 and CVE-2017-17485. Connected sources specify affected jackson-databind versions and ...
CVE-2017-7536
CVE-2017-7536 affects Hibernate Validator 5.2.x (before 5.2.5), 5.3.x, and 5.4.x. If the security manager’s reflective permissions are granted to Hibernate Validator, a privilege escalation can occur by allowing access to private members, enabling reading private member values via ConstraintViola...
CVE-2023-3758
CVE-2023-3758 affects the System Security Services Daemon (SSSD). A race condition causes GPO policy to be inconsistently applied for authenticated users, leading to improper authorization (granting or denying access). Publicly referenced advisories confirm this issue across multiple distribution...
CVE-2018-14659
The CVE-2018-14659 vulnerability affects GlusterFS up to versions 4.1.4 and 3.1.2. An authenticated, remote attacker could mount a Gluster volume and repeatedly call setxattr via GF_XATTR_IOSTATS_DUMP_KEY to trigger a state dump and create an arbitrary number of files in the server runtime direct...
CVE-2018-14654
CVE-2018-14654 affects GlusterFS (up to 4.1.x) via the GF_XATTROP_ENTRY_IN_KEY path in the translator used during mounting, allowing a remote attacker with access to mounted volumes to create arbitrary, empty files on the server. Exploitation details are not provided in the given documents. Remed...
CVE-2018-11237
CVE-2018-11237: A buffer overflow in the AVX-512-optimized mempcpy implementation (__mempcpy_avx512_no_vzeroupper) of glibc (2.27 and earlier). The overflow occurs when copying data beyond the target buffer, as demonstrated by vulnerable mempcpy paths described in public advisories and exploits. ...
CVE-2018-10874
CVE-2018-10874 affects Ansible. The issue arises when inventory variables are loaded from the current working directory during ad-hoc commands, which attackers can control, enabling arbitrary code execution (local attacker could compromise the target via manipulated inventory vars). The NVD entry...
CVE-2018-14660
CVE-2018-14660 : A flaw in GlusterFS server (versions up to 4.1.4 and 3.1.2) lets a remote, authenticated attacker repeatedly call setxattr on GF_META_LOCK_KEY to create multiple locks for a single inode, leading to memory exhaustion on the GlusterFS server node. Connected documents confirm Glust...
CVE-2018-14661
Technical details for CVE-2018-14661 are not provided in the connected documents. Public information in the initial entry confirms a format-string vulnerability in GlusterFS, but no affected versions, exploit details, or fixes are included here. Monitor for updates.
CVE-2018-1114
CVE-2018-1114 corresponds to an Undertow issue where URLResource.getLastModified() closes file descriptors only when finalized, enabling a file descriptor leak and potential exhaustion. The vulnerability is evidenced in multiple sources (GHSA- GJJX-GQM4-WCGM, Red Hat advisories) describing an unc...
CVE-2022-0207
Summary: CVE-2022-0207 affects the vdsm component used in oVirt/Red Hat Virtualization. A race condition in the functionality that obfuscates sensitive values in logs may cause sensitive data to be stored in clear text. Impact (as stated): exposure of sensitive values via log files. Affected soft...
CVE-2018-1073
CVE-2018-1073 affects the oVirt-engine web console login form, where versions before 4.2.3 reveal different errors for non-existent users vs. invalid passwords, enabling attacker user enumeration. The issue is documented in Red Hat RHSA-2018:1525 and related advisories, with remediation via the a...