Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Gluster_storage
(Redhat)| Repositories |
• git://git.openssl.org/openssl.git
• https://github.com/ansible/ansible |
| #Vulnerabilities | 25 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-07-26 | CVE-2017-12163 | An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. | Debian_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Gluster_storage, Samba | 7.1 | ||
| 2018-10-31 | CVE-2018-14652 | The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service. | Debian_linux, Enterprise_linux_server, Enterprise_linux_virtualization, Enterprise_virtualization_host, Gluster_storage | 6.5 | ||
| 2018-10-31 | CVE-2018-14653 | The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact. | Debian_linux, Enterprise_linux_server, Enterprise_linux_virtualization, Gluster_storage | 8.8 | ||
| 2018-10-31 | CVE-2018-14654 | The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server. | Debian_linux, Enterprise_linux_server, Enterprise_linux_virtualization, Gluster_storage, Virtualization, Virtualization_host | 6.5 | ||
| 2018-07-26 | CVE-2017-12150 | It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. | Debian_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Gluster_storage, Samba | 7.4 | ||
| 2018-09-04 | CVE-2018-10928 | A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes. | Debian_linux, Glusterfs, Leap, Enterprise_linux, Enterprise_linux_server, Gluster_storage, Virtualization_host | 8.8 | ||
| 2018-07-13 | CVE-2018-10875 | A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. | Ubuntu_linux, Debian_linux, Ansible_engine, Ceph_storage, Gluster_storage, Openshift, Openstack, Virtualization, Virtualization_host, Package_hub | 7.8 | ||
| 2018-07-19 | CVE-2017-7481 | Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated. | Ubuntu_linux, Debian_linux, Ansible_engine, Gluster_storage, Openshift_container_platform, Openstack, Storage_console, Virtualization, Virtualization_manager | 9.8 | ||
| 2018-10-08 | CVE-2018-1000808 | Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.. This... | Ubuntu_linux, Pyopenssl, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Gluster_storage, Openstack | 5.9 | ||
| 2020-11-24 | CVE-2020-10763 | An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords. | Heketi, Enterprise_linux, Gluster_storage, Openshift_container_platform | 5.5 |