Latest Red Hat Gluster Storage Vulnerabilities

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions...
Samba Samba<4.13.17
Samba Samba>=4.14.0<4.14.12
Samba Samba>=4.15.0<4.15.5
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Canonical Ubuntu Linux=14.04
and 36 more
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
Samba Samba>=3.0.0<4.13.14
Samba Samba>=4.14.0<4.14.10
Samba Samba>=4.15.0<4.15.2
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=33
and 59 more
A flaw was found in the way Samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
Samba Samba>=3.0.0<4.13.14
Samba Samba>=4.14.0<4.14.10
Samba Samba>=4.15.0<4.15.2
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=33
and 57 more
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive i...
redhat/heketi<0:9.0.0-9.5.el7
redhat/gluster-block<0:0.2.1-36.2.el7
redhat/tcmu-runner<0:1.2.0-32.2.el7
Heketi Project Heketi<10.1.0
Redhat Gluster Storage=3.0
Redhat Gluster Storage=3.5
and 4 more
A flaw was found in the way Samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they ...
redhat/samba<4.8.11
redhat/samba<4.9.6
redhat/samba<4.10.2
Samba Samba>=3.2.0<4.8.11
Samba Samba>=4.9.0<4.9.6
Samba Samba>=4.10.0<4.10.2
and 7 more
A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as...
redhat/vdsm<4.30.9
Ovirt Vdsm>=4.19<=4.30.3
Ovirt Vdsm>=4.30.5<=4.30.8
Redhat Gluster Storage=3.0
It was discovered that pyOpenSSL incorrectly handled memory when performing operations on a PKCS #12 store. A remote attacker could possibly use this issue to cause pyOpenSSL to consume resources, res...
ubuntu/pyopenssl<17.5.0
ubuntu/pyopenssl<0.15.1-2ubuntu0.2
<17.5.0
=16.04
=3.0
=13
and 13 more
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated at...
Redhat Gluster Storage>=3.0.0<=3.1.2
Redhat Gluster Storage>=4.1.0<=4.1.4
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Redhat Enterprise Linux Server=6.0
Redhat Enterprise Linux Server=7.0
and 1 more
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' ...
Redhat Gluster Storage>=3.0.0<=3.1.2
Redhat Gluster Storage>=4.1.0<=4.1.8
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Redhat Enterprise Virtualization Host=4.0
Redhat Enterprise Linux Server=6.0
and 2 more
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_...
Redhat Gluster Storage<=4.1.4
Redhat Enterprise Linux Server=6.0
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Virtualization=4.0
Redhat Virtualization=4.0
Redhat Virtualization Host=4.0
and 2 more
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use t...
redhat/glusterfs<0:3.12.2-18.el6
redhat/glusterfs<0:3.12.2-18.el7
redhat/redhat-release-server<0:6Server-6.10.0.24.el6
redhat/redhat-storage-server<0:3.4.0.0-1.el6
redhat/redhat-release-server<0:7.5-11.el7
redhat/redhat-storage-server<0:3.4.0.0-1.el7
and 14 more
A flaw was found in Ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing t...
redhat/ansible<2.4.6
redhat/ansible<2.5.6
redhat/ansible<2.6.1
pip/ansible>=2.6.0<2.6.1
pip/ansible>=2.5.0<2.5.6
pip/ansible<2.4.6
and 26 more
