CVE-2018-14651

HIGH Year: 2018
CVSS v3 Score
8.8
High
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-59
View all →

Vulnerability Description

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.

Related Vulnerabilities

CVE-2016-9602

HIGH
CVSS:8.8(High)

Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder a...

CWE-592016

CVE-2018-10897

HIGH
CVSS:8.8(High)

A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may ...

CWE-592018

CVE-2018-10928

HIGH
CVSS:8.8(High)

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use t...

CWE-592018

CVE-2019-1053

HIGH
CVSS:8.8(High)

An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping ...

CWE-592019

CVE-2019-9949

HIGH
CVSS:8.8(High)

Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privil...

CWE-592019

CVE-2020-10947

HIGH
CVSS:8.8(High)

Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation.

CWE-592020