Vulnerabilities (CVE)

Vendor filter: Redhat

Product filter: Gluster Storage

19 total CVE
CVE | Vendors | Products | Updated | CVSS
CVE-2019-3880 | 5 Redhat, Samba, Debian and 2 more | 6 Gluster Storage, Samba, Debian Linux and 3 more | 2019-05-27 | 5.5
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to...
CVE-2018-10875 | 3 Redhat, Debian, Suse | 9 Ansible Engine, Openstack, Virtualization and 6 more | 2019-05-10 | 7.5
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
CVE-2017-15087 | 1 Redhat | 1 Gluster Storage | 2019-04-26 | 5.0
It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.
CVE-2017-15086 | 1 Redhat | 1 Gluster Storage | 2019-04-26 | 5.8
It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.
CVE-2017-15085 | 1 Redhat | 1 Gluster Storage | 2019-04-26 | 4.3
It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.
CVE-2017-12163 | 3 Redhat, Samba, Debian | 6 Gluster Storage, Samba, Debian Linux and 3 more | 2019-04-22 | 4.8
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or...
CVE-2015-1795 | 1 Redhat | 1 Gluster Storage | 2019-04-22 | 7.2
Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.
CVE-2017-12150 | 3 Redhat, Samba, Debian | 6 Gluster Storage, Samba, Debian Linux and 3 more | 2019-04-22 | 5.8
It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information...
CVE-2018-1000808 | 2 Canonical, Redhat | 7 Ubuntu Linux, Gluster Storage, Openstack and 4 more | 2019-03-21 | 4.3
Python Cryptographic Authority pyopenssl version before 17.5.0 contains a CWE-401: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is...
CVE-2018-14660 | 1 Redhat | 4 Gluster Storage, Virtualization Host, Enterprise Linux Server and 1 more | 2019-01-30 | 4.0
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr...
CVE-2016-2125 | 2 Redhat, Samba | 8 Gluster Storage, Samba, Enterprise Linux Desktop and 5 more | 2019-01-29 | 3.3
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to...
CVE-2018-14654 | 1 Redhat | 3 Gluster Storage, Enterprise Linux Server, Enterprise Linux Virtualization | 2018-12-31 | 8.5
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files...
CVE-2018-14653 | 2 Redhat, Debian | 4 Gluster Storage, Debian Linux, Enterprise Linux Server and 1 more | 2018-12-31 | 6.5
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of...
CVE-2018-14652 | 2 Redhat, Debian | 4 Gluster Storage, Debian Linux, Enterprise Linux Server and 1 more | 2018-12-31 | 4.0
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker...
CVE-2018-14659 | 2 Redhat, Debian | 4 Gluster Storage, Debian Linux, Enterprise Linux Server and 1 more | 2018-12-07 | 4.0
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly...
CVE-2018-1127 | 1 Redhat | 1 Gluster Storage | 2018-11-16 | 6.8
Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and...
CVE-2017-7481 | 1 Redhat | 5 Ansible Engine, Gluster Storage, Openshift Container Platform and 2 more | 2018-09-17 | 7.5
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system,...
CVE-2018-1088 | 1 Redhat | 4 Gluster Storage, Virtualization, Virtualization Host and 1 more | 2018-05-23 | 6.8
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.
CVE-2015-5242 | 1 Redhat | 1 Gluster Storage | 2015-11-27 | 6.0
OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs).