Aggregates CVE and security vulnerability intelligence across all tcmu-runner_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk buffer overflow, vendor risk memory corruption, and vendor risk input validation and related problems; some flaws may lead to vendor impact memory corruption.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-3139 | In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. NOTE: relative to CVE-2020-28374, this is a similar mistake in a different algorithm. | [email protected] | 8.1 | 2.65% | 2021-01-13 | 2024-11-21 |
| CVE-2017-1000201 | The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack | [email protected] | 5.5 | 0.32% | 2017-11-17 | 2026-05-13 |
| CVE-2017-1000200 | tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service | [email protected] | 7.5 | 1.39% | 2017-11-17 | 2026-05-13 |
| CVE-2017-1000199 | tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges. | [email protected] | 7.5 | 1.46% | 2017-11-17 | 2026-05-13 |
| CVE-2017-1000198 | tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service | [email protected] | 7.5 | 1.39% | 2017-11-17 | 2026-05-13 |