Page 9 of 100 results (0.012 seconds)

CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable. Se ha detectado una vulnerabilidad de denegación de servicio (DoS) en rsyslog en el módulo imptcp. Un atacante podría enviar un mensaje especialmente manipulado al socket imptcp, lo que conduciría al cierre forzado de rsyslog. • https://access.redhat.com/errata/RHBA-2019:2501 https://access.redhat.com/errata/RHSA-2019:2110 https://access.redhat.com/errata/RHSA-2019:2437 https://access.redhat.com/errata/RHSA-2019:2439 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16881 https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html https://access.redhat.com/security/cve/CVE-2018-16881 https://bugzilla.redhat.com/show_bug.cgi?id=1658366 • CWE-190: Integer Overflow or Wraparound •

CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0

The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory. El sistema de archivos Gluster hasta las versiones 3.12 y 4.1.4 es vulnerable a un ataque de denegación de servicio (DoS) mediante el uso del xattr "GF_XATTR_IOSTATS_DUMP_KEY". Un atacante autenticado remoto podría explotar esta vulnerabilidad montando un volumen Gluster y llamando repetidamente a "setxattr(2)" para desencadenar un volcado de estado y crear un número arbitrario de archivos en el directorio runtime del servidor. A flaw was found in glusterfs server which allowed clients to create io-stats dumps on server node. • https://access.redhat.com/errata/RHSA-2018:3431 https://access.redhat.com/errata/RHSA-2018:3432 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14659 https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.com/security/cve/CVE-2018-14659 https://bugzilla.redhat.com/show_bug.cg • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service. Se ha detectado que el uso de la función snprintf en el traductor feature/locks del servidor glusterfs 3.8.4, tal y como se distribuye con Red Hat Gluster Storage, era vulnerable a un ataque de cadena de formato. Un atacante remoto autenticado podría explotar este error para provocar una denegación de servicio (DoS). It was found that usage of snprintf function in feature/locks translator of glusterfs server was vulnerable to a format string attack. • https://access.redhat.com/errata/RHSA-2018:3431 https://access.redhat.com/errata/RHSA-2018:3432 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14661 https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.com/security/cve/CVE-2018-14661 https://bugzilla.redhat.com/show_bug.cg • CWE-20: Improper Input Validation CWE-134: Use of Externally-Controlled Format String •

CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0

A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node. Se ha encontrado un error en el servidor glusterfs hasta las versiones 4.1.4 y 3.1.2 que permitía el uso repetido del xattr GF_META_LOCK_KEY. Un atacante autenticado remoto podría emplear este error para crear múltiples bloqueos para un único inode mediante el uso repetido de setxattr, lo que resulta en el agotamiento de la memoria del nodo del servidor glusterfs. A flaw was found in glusterfs server which allowed repeated usage of GF_META_LOCK_KEY xattr. • https://access.redhat.com/errata/RHSA-2018:3431 https://access.redhat.com/errata/RHSA-2018:3432 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14660 https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.com/security/cve/CVE-2018-14660 https://bugzilla.redhat.com/show_bug.cgi?id=1635926 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 8.5EPSS: 0%CPEs: 8EXPL: 0

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server. El sistema de archivos Gluster hasta la versión 4.1.4 es vulnerable al abuso del traductor "features/index". Un atacante remoto con acceso a los volúmenes de montaje podría explotar esta vulnerabilidad mediante el xaatrop "GF_XATTROP_ENTRY_IN_KEY" para crear archivos arbitrarios vacíos en el servidor objetivo. A flaw was found in the way glusterfs server handles client requests. • https://access.redhat.com/errata/RHSA-2018:3431 https://access.redhat.com/errata/RHSA-2018:3432 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14654 https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.com/security/cve/CVE-2018-14654 https://bugzilla.redhat.com/show_bug.cgi?id=1631576 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •