Search
Total
13 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25717 | 5 Canonical, Debian, Fedoraproject and 2 more | 25 Ubuntu Linux, Debian Linux, Fedora and 22 more | 2022-02-25 | 8.5 HIGH | 8.1 HIGH |
| A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. | |||||
| CVE-2021-44142 | 6 Canonical, Debian, Fedoraproject and 3 more | 23 Ubuntu Linux, Debian Linux, Fedora and 20 more | 2022-02-23 | 9.0 HIGH | 8.8 HIGH |
| The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. | |||||
| CVE-2018-14653 | 2 Debian, Redhat | 4 Debian Linux, Enterprise Linux Server, Enterprise Linux Virtualization and 1 more | 2021-12-16 | 6.5 MEDIUM | 8.8 HIGH |
| The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact. | |||||
| CVE-2018-1088 | 3 Debian, Opensuse, Redhat | 6 Debian Linux, Leap, Enterprise Linux Server and 3 more | 2021-11-30 | 6.8 MEDIUM | 8.1 HIGH |
| A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink. | |||||
| CVE-2018-10928 | 3 Debian, Gluster, Redhat | 6 Debian Linux, Glusterfs, Enterprise Linux and 3 more | 2021-11-17 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes. | |||||
| CVE-2018-10875 | 4 Canonical, Debian, Redhat and 1 more | 11 Ubuntu Linux, Debian Linux, Ansible Engine and 8 more | 2021-08-04 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. | |||||
| CVE-2014-0160 | 10 Canonical, Debian, Fedoraproject and 7 more | 31 Ubuntu Linux, Debian Linux, Fedora and 28 more | 2020-07-28 | 5.0 MEDIUM | 7.5 HIGH |
| The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | |||||
| CVE-2018-1127 | 1 Redhat | 1 Gluster Storage | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user. | |||||
| CVE-2017-15086 | 1 Redhat | 2 Enterprise Linux, Gluster Storage | 2019-10-09 | 5.8 MEDIUM | 7.4 HIGH |
| It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. | |||||
| CVE-2017-15087 | 1 Redhat | 2 Enterprise Linux, Gluster Storage | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. | |||||
| CVE-2017-12163 | 3 Debian, Redhat, Samba | 7 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2019-10-09 | 4.8 MEDIUM | 7.1 HIGH |
| An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. | |||||
| CVE-2017-12150 | 3 Debian, Redhat, Samba | 7 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2019-10-09 | 5.8 MEDIUM | 7.4 HIGH |
| It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. | |||||
| CVE-2015-1795 | 1 Redhat | 2 Enterprise Linux, Gluster Storage | 2019-04-22 | 7.2 HIGH | 7.8 HIGH |
| Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root. | |||||