Vulnerabilities > Redhat > Gluster Storage > High

DATE CVE VULNERABILITY TITLE RISK
2022-02-21 CVE-2021-44142 Out-of-bounds Write vulnerability in multiple products
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes.
8.8
2022-02-18 CVE-2020-25717 Improper Input Validation vulnerability in multiple products
A flaw was found in the way Samba maps domain users to local users.
network
low complexity
samba debian fedoraproject redhat canonical CWE-20
8.1
2018-10-31 CVE-2018-14653 The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message.
network
low complexity
redhat debian
8.8
2018-09-11 CVE-2018-1127 Session Fixation vulnerability in Redhat Gluster Storage
Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out.
network
high complexity
redhat CWE-384
8.1
2018-09-04 CVE-2018-10928 A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume.
network
low complexity
redhat debian gluster opensuse
8.8
2018-07-26 CVE-2017-12150 It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled.
network
high complexity
samba redhat debian
7.4
2018-07-26 CVE-2017-12163 An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8.
low complexity
samba redhat debian
7.1
2018-07-13 CVE-2018-10875 Untrusted Search Path vulnerability in multiple products
A flaw was found in ansible.
local
low complexity
redhat debian suse canonical CWE-426
7.8
2018-04-18 CVE-2018-1088 A privilege escalation flaw was found in gluster 3.x snapshot scheduler.
network
high complexity
redhat opensuse debian
8.1
2017-11-08 CVE-2017-15087 Unspecified vulnerability in Redhat Gluster Storage 3.3
It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.
network
low complexity
redhat
7.5