Redhat Gluster Storage vulnerabilities

CVE-2017-15085 [MEDIUM] CVE-2017-15085: It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.

CVE-2015-1795 [HIGH] CWE-264 CVE-2015-1795: Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.

CVE-2015-5242 [MEDIUM] CWE-94 CVE-2015-5242: OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs).

CVE-2014-0160 [HIGH] CWE-125 CVE-2014-0160: The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heart The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed b

CVE-2011-3045 [HIGH] CVE-2011-3045: Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.