Vulnerabilities > Redhat > Gluster Storage > 3.0

DATE CVE VULNERABILITY TITLE RISK
2022-02-18 CVE-2016-2124 Improper Authentication vulnerability in multiple products
A flaw was found in the way samba implemented SMB1 authentication.
network
high complexity
samba debian fedoraproject redhat canonical CWE-287
5.9
5.9
2022-02-18 CVE-2020-25717 Improper Input Validation vulnerability in multiple products
A flaw was found in the way Samba maps domain users to local users.
network
low complexity
samba debian fedoraproject redhat canonical CWE-20
8.1
8.1
2020-11-24 CVE-2020-10763 Information Exposure Through Log Files vulnerability in multiple products
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information.
local
low complexity
heketi-project redhat CWE-532
2.1
2.1
2019-04-09 CVE-2019-3880 Path Traversal vulnerability in multiple products
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API.
network
low complexity
samba debian redhat fedoraproject opensuse CWE-22
5.4
5.4
2019-03-25 CVE-2019-3831 A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8.
network
low complexity
ovirt redhat
critical
 9.0
9.0
2018-10-31 CVE-2016-2125 Improper Input Validation vulnerability in multiple products
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication.
low complexity
samba redhat CWE-20
6.5
6.5
2018-10-31 CVE-2018-14654 Path Traversal vulnerability in multiple products
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator.
network
low complexity
redhat debian CWE-22
6.5
6.5
2018-10-08 CVE-2018-1000808 Improper Resource Shutdown or Release vulnerability in multiple products
Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. 		4.3
4.3
2018-09-11 CVE-2018-1127 Session Fixation vulnerability in Redhat Gluster Storage
Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out.
network
redhat CWE-384
6.8
6.8
2018-09-04 CVE-2018-10928 Link Following vulnerability in multiple products
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume.
network
low complexity
debian redhat gluster opensuse CWE-59
6.5
6.5