Page 15 of 140 results (0.011 seconds)

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0

CVE-2018-10929 – glusterfs: Arbitrary file creation on storage server allows for execution of arbitrary code

https://notcve.org/view.php?id=CVE-2018-10929

A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes. Se ha detectado un error en las peticiones RPC que emplean gfs2_create_req en el servidor glusterfs. Un atacante autenticado podría emplear este error para crear archivos arbitrarios y ejecutar código arbitrario en un nodo del servidor glusterfs. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html http://www.securityfocus.com/bid/107577 https://access.redhat.com/errata/RHSA-2018:2607 https://access.redhat.com/errata/RHSA-2018:2608 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10929 https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org&#x • CWE-20: Improper Input Validation •

CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0

CVE-2018-10923 – glusterfs: I/O to arbitrary devices on storage server

https://notcve.org/view.php?id=CVE-2018-10923

It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node. Se ha detectado que la llamada "mknod" derivada de mknod(2) puede crear archivos que señalan a dispositivos en un nodo del servidor glusterfs. Un atacante autenticado podría emplearlo para crear un dispositivo arbitrario y leer datos desde cualquier dispositivo conectado al nodo del servidor glusterfs. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html https://access.redhat.com/errata/RHSA-2018:2607 https://access.redhat.com/errata/RHSA-2018:2608 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10923 https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.c • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0

CVE-2018-10926 – glusterfs: Device files can be created in arbitrary locations

https://notcve.org/view.php?id=CVE-2018-10926

A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node. Se ha detectado un error en las peticiones RPC que emplean gfs3_mknod_req soportadas por el servidor glusterfs. Un atacante autenticado podría emplear este error para escribir archivos en una ubicación arbitraria mediante un salto de directorio y ejecutar código arbitrario en un nodo del servidor glusterfs. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html https://access.redhat.com/errata/RHSA-2018:2607 https://access.redhat.com/errata/RHSA-2018:2608 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10926 https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.c • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0

CVE-2018-10928 – glusterfs: Improper resolution of symlinks allows for privilege escalation

https://notcve.org/view.php?id=CVE-2018-10928

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes. Se ha detectado un error en las peticiones RPC que emplean gfs3_symlink_req en el servidor glusterfs, lo que permite que los destinos symlink señalen a rutas de archivo fuera del volumen gluster. Un atacante autenticado podría emplear este error para crear symlinks arbitrarios que señalen a cualquier lugar del servidor y ejecutar código arbitrario en un nodo del servidor glusterfs. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html https://access.redhat.com/errata/RHSA-2018:2607 https://access.redhat.com/errata/RHSA-2018:2608 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10928 https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.c • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2018-10913 – glusterfs: Information Exposure in posix_get_file_contents function in posix-helpers.c

https://notcve.org/view.php?id=CVE-2018-10913

An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file. Se ha descubierto una vulnerabilidad de divulgación de información en el servidor glusterfs. Un atacante podría lanzar una petición xattr mediante glusterfs FUSE para determinar la existencia de algún archivo. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html https://access.redhat.com/errata/RHSA-2018:2607 https://access.redhat.com/errata/RHSA-2018:2608 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10913 https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://review.gluster.org/#/c/glusterfs/+/21071 https:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •