Page 10 of 86 results (0.004 seconds)

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak. Se ha detectado que URLResource.getLastModified() en Undertow cierra los descriptores de archivo solo cuando están finalizados, lo que puede provocar el agotamiento de dichos descriptores. Esto conduce a una fuga del manejador de archivos. • https://access.redhat.com/errata/RHSA-2018:2643 https://access.redhat.com/errata/RHSA-2018:2669 https://access.redhat.com/errata/RHSA-2019:0877 https://bugs.openjdk.java.net/browse/JDK-6956385 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114 https://issues.jboss.org/browse/UNDERTOW-1338 https://access.redhat.com/security/cve/CVE-2018-1114 https://bugzilla.redhat.com/show_bug.cgi?id=1573045 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.5EPSS: 1%CPEs: 8EXPL: 0

It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes. Se ha descubierto que un atacante podría lanzar una petición xattr mediante glusterfs FUSE para provocar que el proceso brick de gluster se cierre inesperadamente, lo que resultará en una denegación de servicio (DoS) remota. Si gluster multiplexing está habilitado, esto resultará en el cierre inesperado de múltiples bloques y volúmenes de gluster. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html https://access.redhat.com/errata/RHSA-2018:2607 https://access.redhat.com/errata/RHSA-2018:2608 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10914 https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.c • CWE-476: NULL Pointer Dereference •

CVSS: 6.8EPSS: 0%CPEs: 11EXPL: 0

A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume. Se ha detectado un error en las peticiones RPC que emplean gfs3_rename_req en el servidor glusterfs. Un atacante autenticado podría emplear este error para escribir a un destino fuera del volumen gluster. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html https://access.redhat.com/errata/RHSA-2018:2607 https://access.redhat.com/errata/RHSA-2018:2608 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10930 https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://review.gluster.org/#/c/glusterfs/+/21068 https:/ • CWE-20: Improper Input Validation •

CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0

It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node. Se ha detectado que la llamada "mknod" derivada de mknod(2) puede crear archivos que señalan a dispositivos en un nodo del servidor glusterfs. Un atacante autenticado podría emplearlo para crear un dispositivo arbitrario y leer datos desde cualquier dispositivo conectado al nodo del servidor glusterfs. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html https://access.redhat.com/errata/RHSA-2018:2607 https://access.redhat.com/errata/RHSA-2018:2608 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10923 https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.c • CWE-20: Improper Input Validation •

CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0

A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. Se ha detectado un error en las peticiones RPC que emplean gfs3_lookup_req en el servidor glusterfs. Un atacante autenticado podría emplear este error para filtrar información y ejecutar una denegación de servicio (DoS) remota provocando el cierre inesperado del proceso brick de gluster. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html https://access.redhat.com/errata/RHSA-2018:2607 https://access.redhat.com/errata/RHSA-2018:2608 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10927 https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.c • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •