VYPR

Gluster Storage

by Red Hat

CVEs (10)

  • CVE-2014-0160HigKEVApr 7, 2014
    risk 0.72cvss 7.5epss 1.00

    The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by…

  • CVE-2011-3045HigMar 22, 2012
    risk 0.57cvss 8.8epss 0.04

    Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a…

  • CVE-2015-1795HigJun 27, 2017
    risk 0.51cvss 7.8epss 0.00

    Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.

  • CVE-2017-15087HigNov 8, 2017
    risk 0.49cvss 7.5epss 0.02

    It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.

  • CVE-2017-15086HigNov 8, 2017
    risk 0.48cvss 7.4epss 0.02

    It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.

  • CVE-2014-8177MedJun 7, 2016
    risk 0.42cvss 6.5epss 0.02

    The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined.

  • CVE-2015-1777MedApr 12, 2018
    risk 0.38cvss 5.9epss 0.01

    rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a…

  • CVE-2017-15085MedNov 8, 2017
    risk 0.38cvss 5.9epss 0.02

    It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.

  • CVE-2018-1127MedSep 11, 2018
    risk 0.00cvss 4.2epss 0.01

    Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user.

  • CVE-2015-5242Nov 25, 2015
    risk 0.00cvss epss 0.02

    OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs).