Total
83 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-10928 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes. | |||||
CVE-2018-10927 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. | |||||
CVE-2018-10926 | 4 Debian, Gluster, Opensuse and 1 more | 6 Debian Linux, Glusterfs, Leap and 3 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node. | |||||
CVE-2018-10923 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node. | |||||
CVE-2018-10914 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes. | |||||
CVE-2018-10913 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file. | |||||
CVE-2018-10911 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. | |||||
CVE-2018-10907 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution. | |||||
CVE-2018-10904 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume. | |||||
CVE-2018-10875 | 4 Canonical, Debian, Redhat and 1 more | 11 Ubuntu Linux, Debian Linux, Ansible Engine and 8 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. | |||||
CVE-2018-10874 | 1 Redhat | 4 Ansible Engine, Openstack, Virtualization and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. | |||||
CVE-2018-10873 | 4 Canonical, Debian, Redhat and 1 more | 11 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 8 more | 2024-11-21 | 6.5 MEDIUM | 8.3 HIGH |
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. | |||||
CVE-2018-10858 | 4 Canonical, Debian, Redhat and 1 more | 8 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 5 more | 2024-11-21 | 6.5 MEDIUM | 4.3 MEDIUM |
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable. | |||||
CVE-2018-10675 | 3 Canonical, Linux, Redhat | 9 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 6 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. | |||||
CVE-2018-10322 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. | |||||
CVE-2018-10237 | 3 Google, Oracle, Redhat | 18 Guava, Banking Payments, Communications Ip Service Activator and 15 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. | |||||
CVE-2018-1000805 | 4 Canonical, Debian, Paramiko and 1 more | 11 Ubuntu Linux, Debian Linux, Paramiko and 8 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. | |||||
CVE-2018-1000001 | 3 Canonical, Gnu, Redhat | 9 Ubuntu Linux, Glibc, Enterprise Linux Desktop and 6 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. | |||||
CVE-2017-7536 | 1 Redhat | 7 Enterprise Linux, Hibernate Validator, Jboss Enterprise Application Platform and 4 more | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). | |||||
CVE-2017-7525 | 5 Debian, Fasterxml, Netapp and 2 more | 22 Debian Linux, Jackson-databind, Oncommand Balance and 19 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. |