Gluster Storage

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-21	CVE-2021-44142	Out-of-bounds Write vulnerability in multiple products The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. network low complexity samba debian canonical synology fedoraproject redhat CWE-787	8.8
2022-02-18	CVE-2016-2124	Improper Authentication vulnerability in multiple products A flaw was found in the way samba implemented SMB1 authentication. network high complexity samba debian fedoraproject redhat canonical CWE-287	5.9
2022-02-18	CVE-2020-25717	Improper Input Validation vulnerability in multiple products A flaw was found in the way Samba maps domain users to local users. network low complexity samba debian fedoraproject redhat canonical CWE-20	8.1
2020-11-24	CVE-2020-10763	Information Exposure Through Log Files vulnerability in multiple products An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. local low complexity heketi-project redhat CWE-532	2.1
2019-04-09	CVE-2019-3880	Path Traversal vulnerability in multiple products A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. network low complexity samba debian redhat fedoraproject opensuse CWE-22	5.4
2019-03-25	CVE-2019-3831	A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. network low complexity ovirt redhat critical	9.0
2018-10-31	CVE-2016-2125	Improper Input Validation vulnerability in multiple products It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. low complexity samba redhat CWE-20	6.5
2018-10-31	CVE-2018-14654	Path Traversal vulnerability in multiple products The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. network low complexity redhat debian CWE-22	6.5
2018-10-31	CVE-2018-14653	Heap-based Buffer Overflow vulnerability in multiple products The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. network low complexity redhat debian CWE-122	8.8
2018-10-31	CVE-2018-14652	Classic Buffer Overflow vulnerability in multiple products The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. network low complexity redhat debian CWE-120	6.5