OpenZFS 0.6.0 Release Candidate 14

CPE Details

OpenZFS 0.6.0 Release Candidate 14
openzfs
openzfs
0.6.0
2020-08-31
16h17 +00:00
2020-08-31
16h17 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:openzfs:openzfs:0.6.0:rc14:*:*:*:*:*:*

Informations

Vendor

openzfs

Product

openzfs

Version

0.6.0

Update

rc14

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-49298 2023-11-23 23h00 +00:00 OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions.
7.5
High
CVE-2013-20001 2021-02-11 23h00 +00:00 An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied.
7.5
High
CVE-2020-24716 2020-08-27 16h03 +00:00 OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories.
7.8
High
CVE-2020-24717 2020-08-27 16h03 +00:00 OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777.
7.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.