Redhat Gluster Storage — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Gluster Storage, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (25)
CVE-2017-7481 — CVSS 9.8 (critical): Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the…
CVE-2011-3045 — CVSS 8.8 (high): Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before…
CVE-2018-10928 — CVSS 8.8 (high): A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside…
CVE-2018-14653 — CVSS 8.8 (high): The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function…
CVE-2021-44142 — CVSS 8.8 (high): The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and…
CVE-2020-25717 — CVSS 8.1 (high): A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible…
CVE-2018-1088 — CVSS 8.1 (high): A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also…
CVE-2015-1795 — CVSS 7.8 (high): Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.
CVE-2018-10875 — CVSS 7.8 (high): A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a…
CVE-2017-15087 — CVSS 7.5 (high): It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for…
CVE-2017-12150 — CVSS 7.4 (high): It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration…
CVE-2017-15086 — CVSS 7.4 (high): It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for…
CVE-2019-3831 — CVSS 6.7 (medium): A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm…
CVE-2016-2125 — CVSS 6.5 (medium): It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A…
CVE-2018-14654 — CVSS 6.5 (medium): The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to…
CVE-2018-14652 — CVSS 6.5 (medium): The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code…
CVE-2015-5242 — CVSS 6.0 (medium): OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows…
CVE-2016-2124 — CVSS 5.9 (medium): A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent…
CVE-2017-15085 — CVSS 5.9 (medium): It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for…
CVE-2018-1000808 — CVSS 5.9 (medium): Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last…
CVE-2020-10763 — CVSS 5.5 (medium): An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with…
CVE-2019-3880 — CVSS 5.4 (medium): A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could…
CVE-2018-1127 — CVSS 4.2 (medium): Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain…
CVE-2017-12163 — CVSS 4.1 (medium): An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before…