Filtered by vendor Redhat Subscriptions
Filtered by product Storage Subscriptions
Total 192 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-34968 4 Debian, Fedoraproject, Redhat and 1 more 7 Debian Linux, Fedora, Enterprise Linux and 4 more 2024-09-16 5.3 Medium
A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path.
CVE-2023-34967 4 Debian, Fedoraproject, Redhat and 1 more 7 Debian Linux, Fedora, Enterprise Linux and 4 more 2024-09-16 5.3 Medium
A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.
CVE-2023-34966 4 Debian, Fedoraproject, Redhat and 1 more 7 Debian Linux, Fedora, Enterprise Linux and 4 more 2024-09-16 7.5 High
An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.
CVE-2022-2127 4 Debian, Fedoraproject, Redhat and 1 more 7 Debian Linux, Fedora, Enterprise Linux and 4 more 2024-09-16 5.9 Medium
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.
CVE-2024-8775 1 Redhat 3 Discovery, Rhui, Storage 2024-09-14 5.5 Medium
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
CVE-2024-1394 1 Redhat 23 Ansible Automation Platform, Ansible Automation Platform Developer, Ansible Automation Platform Inside and 20 more 2024-09-14 7.5 High
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.
CVE-2022-31163 3 Debian, Redhat, Tzinfo Project 4 Debian Linux, Satellite, Storage and 1 more 2024-09-05 7.5 High
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with `require` on demand. In the affected versions, `TZInfo::Timezone.get` fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, `TZInfo::Timezone.get` can be made to load unintended files with `require`, executing them within the Ruby process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a prefix of `tzinfo/definition` within a directory in the load path. Applications should ensure that untrusted files are not placed in a directory on the load path. As a workaround, the time zone identifier can be validated before passing to `TZInfo::Timezone.get` by ensuring it matches the regular expression `\A[A-Za-z0-9+\-_]+(?:\/[A-Za-z0-9+\-_]+)*\z`.
CVE-2023-5568 2 Redhat, Samba 3 Enterprise Linux, Storage, Samba 2024-08-29 5.9 Medium
A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.
CVE-2023-42670 3 Fedoraproject, Redhat, Samba 4 Fedora, Enterprise Linux, Storage and 1 more 2024-08-29 6.5 Medium
A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation "classic DCs") can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as "The procedure number is out of range" when using tools like Active Directory Users. This flaw allows an attacker to disrupt AD DC services.
CVE-2023-42669 2 Redhat, Samba 10 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Ibm Z Systems and 7 more 2024-08-20 6.5 Medium
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task.
CVE-2023-4091 3 Fedoraproject, Redhat, Samba 7 Fedora, Enterprise Linux, Enterprise Linux Eus and 4 more 2024-08-20 6.5 Medium
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.
CVE-2023-3961 3 Fedoraproject, Redhat, Samba 7 Fedora, Enterprise Linux, Enterprise Linux Eus and 4 more 2024-08-20 9.1 Critical
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes.
CVE-2023-3347 3 Fedoraproject, Redhat, Samba 4 Fedora, Enterprise Linux, Storage and 1 more 2024-08-20 5.9 Medium
A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.
CVE-2010-5298 5 Fedoraproject, Mariadb, Openssl and 2 more 9 Fedora, Mariadb, Openssl and 6 more 2024-08-07 N/A
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
CVE-2011-3045 6 Debian, Fedoraproject, Google and 3 more 13 Debian Linux, Fedora, Chrome and 10 more 2024-08-06 N/A
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.
CVE-2012-5638 2 Ovirt, Redhat 3 Sanlock, Enterprise Linux, Storage 2024-08-06 N/A
The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations.
CVE-2012-5635 2 Gluster, Redhat 5 Glusterfs, Storage, Storage Management Console and 2 more 2024-08-06 N/A
The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417.
CVE-2012-4417 2 Gluster, Redhat 2 Glusterfs, Storage 2024-08-06 N/A
GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
CVE-2012-4406 3 Fedoraproject, Openstack, Redhat 8 Fedora, Swift, Enterprise Linux Server and 5 more 2024-08-06 9.8 Critical
OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.
CVE-2012-3411 2 Redhat, Thekelleys 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 3 more 2024-08-06 N/A
Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.