Skip to main content

Virtualization Host CVE-2018-10926

HIGH
Improper Input Validation (CWE-20)
2018-09-04 secalert@redhat.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 04, 2018 - 15:29 nvd
HIGH 8.8

DescriptionNVD

A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.

AnalysisAI

A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node. Affected products include: Redhat Virtualization Host, Debian Debian Linux, Redhat Enterprise Linux, Redhat Enterprise Linux Server, Gluster Glusterfs.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2018-1000001 HIGH POC
7.8 Jan 31

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before th

CVE-2022-0435 HIGH POC
8.8 Mar 25

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with

CVE-2018-18559 HIGH POC
8.1 Oct 22

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt

CVE-2019-14835 HIGH POC
7.8 Sep 17

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that t

CVE-2018-11237 HIGH POC
7.8 May 18

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier m

CVE-2019-3460 MEDIUM POC
6.5 Apr 11

A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.

CVE-2019-3888 CRITICAL
9.8 Jun 12

A vulnerability was found in Undertow web server before 2.0.21. Rated critical severity (CVSS 9.8), this vulnerability i

CVE-2018-11236 CRITICAL
9.8 May 18

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arg

CVE-2018-8088 CRITICAL
9.8 Mar 20

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass int

CVE-2018-6485 CRITICAL
9.8 Feb 01

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or

CVE-2018-18397 MEDIUM POC
5.5 Dec 12

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl cal

CVE-2018-10322 MEDIUM POC
5.5 Apr 24

The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to

Share

CVE-2018-10926 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy