Skip to main content

Tcmu Runner

5 CVEs product

Monthly

CVE-2021-3139 HIGH PATCH This Week

In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Tcmu Runner
NVD GitHub
CVSS 3.1
8.1
EPSS
2.6%
CVE-2017-1000201 MEDIUM PATCH This Month

The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Tcmu Runner
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-1000200 HIGH PATCH This Week

tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Tcmu Runner
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-1000199 HIGH This Week

tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tcmu Runner
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-1000198 HIGH PATCH This Week

tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Tcmu Runner
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
EPSS 3% CVSS 8.1
HIGH PATCH This Week

In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Tcmu Runner
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Tcmu Runner
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Tcmu Runner
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tcmu Runner
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Tcmu Runner
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy