CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 2CVE-2023-49298
https://notcve.org/view.php?id=CVE-2023-49298
24 Nov 2023 — OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use ... • https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275308 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2013-20001 – Ubuntu Security Notice USN-6511-1
https://notcve.org/view.php?id=CVE-2013-20001
12 Feb 2021 — An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied. Se detectó un problema en OpenZFS versiones hasta 2.0.3. Cuando un recurso compartido NFS es exportado a direcciones IPv6 por medio de la funcionalidad sharenfs, es producido un fallo silencioso al analizar los datos de la dirección... • https://github.com/openzfs/zfs/issues/1894#issuecomment-30693652 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-24716
https://notcve.org/view.php?id=CVE-2020-24716
27 Aug 2020 — OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories. OpenZFS versiones anteriores a 2.0.0-rc1, cuando es usado en FreeBSD, permite ejecutar permisos para todos los directorios • https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-24717
https://notcve.org/view.php?id=CVE-2020-24717
27 Aug 2020 — OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777. OpenZFS versiones anteriores a 2.0.0-rc1, cuando es usado en FreeBSD, malinterpreta los permisos de grupo como permisos de usuario, como es demostrado por el modo 0770 que es equivalente al modo 0777 • https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f • CWE-276: Incorrect Default Permissions •