Vulnerabilities > Redhat > Gluster Storage

DATE CVE VULNERABILITY TITLE RISK
2022-02-21 CVE-2021-44142 Out-of-bounds Write vulnerability in multiple products
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes.
8.8
2022-02-18 CVE-2016-2124 Improper Authentication vulnerability in multiple products
A flaw was found in the way samba implemented SMB1 authentication.
network
high complexity
samba debian fedoraproject redhat canonical CWE-287
5.9
2022-02-18 CVE-2020-25717 Improper Input Validation vulnerability in multiple products
A flaw was found in the way Samba maps domain users to local users.
network
low complexity
samba debian fedoraproject redhat canonical CWE-20
8.1
2020-11-24 CVE-2020-10763 Information Exposure Through Log Files vulnerability in multiple products
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information.
local
low complexity
heketi-project redhat CWE-532
2.1
2019-04-09 CVE-2019-3880 Path Traversal vulnerability in multiple products
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API.
network
low complexity
samba debian redhat fedoraproject opensuse CWE-22
5.4
2019-03-25 CVE-2019-3831 A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8.
network
low complexity
ovirt redhat
critical
9.0
2018-10-31 CVE-2016-2125 Improper Input Validation vulnerability in multiple products
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication.
low complexity
samba redhat CWE-20
6.5
2018-10-31 CVE-2018-14654 Path Traversal vulnerability in multiple products
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator.
network
low complexity
redhat debian CWE-22
6.5
2018-10-31 CVE-2018-14653 Heap-based Buffer Overflow vulnerability in multiple products
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message.
network
low complexity
redhat debian CWE-122
8.8
2018-10-31 CVE-2018-14652 Classic Buffer Overflow vulnerability in multiple products
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function.
network
low complexity
redhat debian CWE-120
6.5