CPE Name: cpe:2.3:a:redhat:gluster_storage:3.0:*:*:*:*:*:*:*
| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2020-25717 | 20 | | | 2022-02-18 | 2022-02-25 | 8.5 | None | Remote | Low | ??? | Complete | Complete | None | A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. |
| 2 | CVE-2020-10763 | 532 | | | 2020-11-24 | 2020-12-02 | 2.1 | None | Local | Low | Not required | Partial | None | None | An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords. |
| 3 | CVE-2019-3880 | 22 | | Dir. Trav. | 2019-04-09 | 2019-05-27 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial | A flaw was found in the way Samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have Unix permissions, which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable. |
| 4 | CVE-2019-3831 | | | Exec Code | 2019-03-25 | 2020-10-19 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root. |
| 5 | CVE-2018-1000808 | 404 | | DoS | 2018-10-08 | 2021-08-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Python Cryptographic Authority pyopenssl versions before 17.5.0 contain a CWE-401: Failure to Release Memory Before Removing Last Reference vulnerability in the PKCS #12 store that can result in denial of service if memory runs low or is exhausted. Whether this attack is exploitable depends upon the calling application; however, it could be as simple as initiating a TLS connection, or anything else that would cause the calling application to reload certificates from a PKCS #12 store. This vulnerability appears to have been fixed in 17.5.0. |
| 6 | CVE-2018-10928 | 59 | | Exec Code | 2018-09-04 | 2022-04-12 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A flaw was found in RPC requests using gfs3_symlink_req in the glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes. |
| 7 | CVE-2016-2125 | 20 | | | 2018-10-31 | 2019-10-09 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. |
| 8 | CVE-2016-2124 | 287 | | | 2022-02-18 | 2022-02-25 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | A flaw was found in the way Samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. |
Total number of vulnerabilities: 8