threat
engine
.sh
Back
·
··:··
Home
/
Product
/
redhat gluster storage
Product
redhat gluster storage
25 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2021-44142
all versions
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients
8.8
HIGH
CVE-2020-25717
all versions
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possibl
8.1
HIGH
CVE-2016-2124
all versions
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext passw
5.9
MEDIUM
CVE-2020-10763
all versions
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker
5.5
MEDIUM
CVE-2019-3880
all versions
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker
5.4
MEDIUM
CVE-2019-3831
all versions
A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to
6.7
MEDIUM
CVE-2016-2125
all versions
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authenticati
6.5
MEDIUM
CVE-2018-14654
<= 4.1.4
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with ac
6.5
MEDIUM
CVE-2018-14653
>= 3.0.0 and <= 3.1.2
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' fu
8.8
HIGH
CVE-2018-14652
>= 3.0.0 and <= 3.1.2
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via
6.5
MEDIUM
CVE-2018-1000808
all versions
Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing La
5.9
MEDIUM
CVE-2018-1127
< 3.4
Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session token
4.2
MEDIUM
CVE-2018-10928
all versions
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file path
8.8
HIGH
CVE-2017-12150
all versions
It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain conf
7.4
HIGH
CVE-2017-12163
all versions
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x
4.1
MEDIUM
CVE-2017-7481
all versions
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control t
9.8
CRITICAL
CVE-2018-10875
all versions
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plu
7.8
HIGH
CVE-2018-1088
>= 3.0 and <= 3.13.2
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could
8.1
HIGH
CVE-2017-15087
all versions
It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3
7.5
HIGH
CVE-2017-15086
all versions
It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3
7.4
HIGH
CVE-2017-15085
all versions
It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3
5.9
MEDIUM
CVE-2015-1795
all versions
Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.
7.8
HIGH
CVE-2015-5242
all versions
OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which
CVE-2014-0160
all versions
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which
7.5
HIGH
CVE-2011-3045
all versions
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before
8.8
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin