Storage

This hub aggregates every CVE we track for Storage. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Storage.

• CVE-2026-33221Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload5.3Mar 20, 2026
• CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (fr...5.9Dec 18, 2023
• CVE-2023-42669Samba: "rpcecho" development server allows denial of service via sleep() call on ad dc6.5Nov 6, 2023
• CVE-2023-3961Samba: smbd allows client access to unix domain sockets on the file system as root9.1Nov 3, 2023
• CVE-2023-4091Samba: smb clients can truncate files with read-only permissions6.5Nov 3, 2023
• CVE-2023-34968Samba: spotlight server-side share path disclosure5.3Jul 20, 2023
• CVE-2023-3347Samba: smb2 packet signing is not enforced when "server signing = required" is set5.9Jul 20, 2023
• CVE-2022-2447A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This coul...6.6Sep 1, 2022
• CVE-2021-3670MaxQueryDuration not honoured in Samba AD DC LDAP6.5Aug 23, 2022
• CVE-2022-26148An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to...9.8Mar 21, 2022
• CVE-2021-44141All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under ...4.3Feb 21, 2022
• CVE-2021-20291A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is n...6.5Apr 1, 2021
• CVE-2020-14318A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be...4.3Dec 3, 2020
• CVE-2020-10730A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped w...6.5Jul 7, 2020
• CVE-2020-10685A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 ...5.0May 11, 2020