Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2018-09-04 CVE-2018-10928 A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume.
network
low complexity
redhat debian gluster opensuse
8.8
8.8
2018-09-04 CVE-2018-10927 A flaw was found in RPC request using gfs3_lookup_req in glusterfs server.
network
low complexity
redhat debian gluster opensuse
8.1
8.1
2018-09-04 CVE-2018-10926 A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server.
network
low complexity
redhat debian gluster opensuse
8.8
8.8
2018-09-04 CVE-2018-10923 It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node.
network
low complexity
gluster redhat debian opensuse
8.1
8.1
2018-09-04 CVE-2018-10911 A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values.
network
low complexity
gluster redhat debian opensuse
7.5
7.5
2018-09-04 CVE-2018-10907 It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'.
network
low complexity
gluster redhat debian opensuse
8.8
8.8
2018-09-04 CVE-2018-10904 It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator.
network
low complexity
gluster redhat debian opensuse
8.8
8.8
2018-09-04 CVE-2018-16430 Out-of-bounds Read vulnerability in multiple products
GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c.
network
low complexity
gnu debian CWE-125
8.8
8.8
2018-09-02 CVE-2018-16335 Out-of-bounds Write vulnerability in multiple products
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.
network
low complexity
libtiff debian CWE-787
8.8
8.8
2018-08-31 CVE-2018-16276 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7.
local
low complexity
linux debian canonical CWE-787
7.8
7.8