Page 13 of 141 results (0.010 seconds)

CVSS: 6.8EPSS: 0%CPEs: 11EXPL: 0

CVE-2018-10930 – glusterfs: Files can be renamed outside volume

https://notcve.org/view.php?id=CVE-2018-10930

A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume. Se ha detectado un error en las peticiones RPC que emplean gfs3_rename_req en el servidor glusterfs. Un atacante autenticado podría emplear este error para escribir a un destino fuera del volumen gluster. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html https://access.redhat.com/errata/RHSA-2018:2607 https://access.redhat.com/errata/RHSA-2018:2608 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10930 https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://review.gluster.org/#/c/glusterfs/+/21068 https:/ • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0

CVE-2018-10904 – glusterfs: Unsanitized file names in debug/io-stats translator can allow remote attackers to execute arbitrary code

https://notcve.org/view.php?id=CVE-2018-10904

It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume. Se ha detectado que el servidor glusterfs no sanea correctamente las rutas de archivo en el atributo extendido "trusted.io-stats-dump", empleado por el traductor "debug/io-stats". Los atacantes pueden emplear este error para crear archivos y ejecutar código arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html https://access.redhat.com/errata/RHSA-2018:2607 https://access.redhat.com/errata/RHSA-2018:2608 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904 https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://review.gluster.org/#/c/glusterfs/+/21072 https:/ • CWE-426: Untrusted Search Path •

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0

CVE-2018-10907 – glusterfs: Stack-based buffer overflow in server-rpc-fops.c allows remote attackers to execute arbitrary code

https://notcve.org/view.php?id=CVE-2018-10907

It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution. Se ha detectado que el servidor glusterfs es vulnerable a múltiples desbordamientos de búfer basados en pila debido a que las funciones en server-rpc-fopc.c asignan búfers de tamaño fijo mediante "alloca(3)". Un atacante autenticado podría explotar esto montando un volumen gluster y enviando una cadena más grande que el tamaño fijo de búfer para provocar su cierre inesperado o la potencial ejecución de código. It was found that glusterfs server is vulnerable to mulitple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html https://access.redhat.com/errata/RHSA-2018:2607 https://access.redhat.com/errata/RHSA-2018:2608 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10907 https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://review.gluster.org/#/c/glusterfs/+/21070 https:/ • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0

CVE-2018-10911 – glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory

https://notcve.org/view.php?id=CVE-2018-10911

A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. Se ha detectado un error en la forma en la que la función dic_unserialize en glusterfs no gestiona los valores de longitud de clave negativos. Un atacante podría utilizar este error para leer la memoria de otras ubicaciones en el valor dict almacenado. A flaw was found in dict.c:dict_unserialize function of glusterfs, dic_unserialize function does not handle negative key length values. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html https://access.redhat.com/errata/RHSA-2018:2607 https://access.redhat.com/errata/RHSA-2018:2608 https://access.redhat.com/errata/RHSA-2018:2892 https://access.redhat.com/errata/RHSA-2018:3242 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911 https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html https://lists.debian.org/debian-lts • CWE-190: Integer Overflow or Wraparound CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-502: Deserialization of Untrusted Data •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2018-10913 – glusterfs: Information Exposure in posix_get_file_contents function in posix-helpers.c

https://notcve.org/view.php?id=CVE-2018-10913

An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file. Se ha descubierto una vulnerabilidad de divulgación de información en el servidor glusterfs. Un atacante podría lanzar una petición xattr mediante glusterfs FUSE para determinar la existencia de algún archivo. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html https://access.redhat.com/errata/RHSA-2018:2607 https://access.redhat.com/errata/RHSA-2018:2608 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10913 https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://review.gluster.org/#/c/glusterfs/+/21071 https:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •