
CVE-2015-1795 – glusterfs: glusterfs-server %pretrans rpm script temporary file issue
https://notcve.org/view.php?id=CVE-2015-1795
23 Mar 2017 — Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root. It was found that the glusterfs-server RPM package would write a file with a predictable name into the world-readable /tmp directory. A local attacker could potentially use this flaw to escalate their privileges to root by modifying the shell script during the installation of th... • http://rhn.redhat.com/errata/RHSA-2017-0484.html • CWE-264: Permissions, Privileges, and Access Controls; CWE-377: Insecure Temporary File

CVE-2016-2125 – samba: Unconditional privilege delegation to Kerberos servers in trusted realms
https://notcve.org/view.php?id=CVE-2016-2125
19 Dec 2016 — It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. • http://rhn.redhat.com/errata/RHSA-2017-0494.html • CWE-20: Improper Input Validation; CWE-287: Improper Authentication

CVE-2015-5242 – swiftonfile: use of insecure Python pickle for metadata serialization and storage
https://notcve.org/view.php?id=CVE-2015-5242
20 Oct 2015 — OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs). A flaw ... • http://rhn.redhat.com/errata/RHSA-2015-1918.html • CWE-94: Improper Control of Generation of Code ('Code Injection')