CVE-2021-3139
- EPSS 0.91%
- Veröffentlicht 13.01.2021 16:15:14
- Zuletzt bearbeitet 21.11.2024 06:20:58
In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. Fo...
CVE-2017-1000201
- EPSS 0.05%
- Veröffentlicht 17.11.2017 02:29:01
- Zuletzt bearbeitet 20.04.2025 01:37:25
The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack
CVE-2017-1000198
- EPSS 0.33%
- Veröffentlicht 17.11.2017 02:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service
CVE-2017-1000199
- EPSS 0.3%
- Veröffentlicht 17.11.2017 02:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges.
CVE-2017-1000200
- EPSS 0.37%
- Veröffentlicht 17.11.2017 02:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service