Known Vulnerabilities for products from Gluster
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Gluster".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2018-14661 | It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat G... | 6.5 - MEDIUM | 2018-10-31 | 2023-02-12 |
| CVE-2018-14660 | A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr.... | 6.5 - MEDIUM | 2018-11-01 | 2023-02-13 |
| CVE-2018-14651 | It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomple... | 8.8 - HIGH | 2018-10-31 | 2023-02-12 |
| CVE-2018-10930 | A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to w... | 6.5 - MEDIUM | 2018-09-04 | 2021-12-10 |
| CVE-2018-10929 | A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to c... | 8.8 - HIGH | 2018-09-04 | 2022-04-12 |
| CVE-2018-10928 | A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file... | 8.8 - HIGH | 2018-09-04 | 2022-04-12 |
| CVE-2018-10927 | A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to l... | 8.1 - HIGH | 2018-09-04 | 2022-04-12 |
| CVE-2018-10926 | A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this ... | 8.8 - HIGH | 2018-09-04 | 2022-04-12 |
| CVE-2018-10924 | It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this f... | 6.5 - MEDIUM | 2018-09-04 | 2019-10-03 |
| CVE-2018-10923 | It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An ... | 8.1 - HIGH | 2018-09-04 | 2022-04-22 |
| CVE-2018-10914 | It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which wi... | 6.5 - MEDIUM | 2018-09-04 | 2022-04-22 |
| CVE-2018-10913 | An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glust... | 6.5 - MEDIUM | 2018-09-04 | 2022-04-22 |
| CVE-2018-10911 | A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker cou... | 7.5 - HIGH | 2018-09-04 | 2022-04-22 |
| CVE-2018-10907 | It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc... | 8.8 - HIGH | 2018-09-04 | 2021-12-16 |
| CVE-2018-10904 | It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute wh... | 8.8 - HIGH | 2018-09-04 | 2022-04-22 |
| CVE-2018-10841 | glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gl... | 8.8 - HIGH | 2018-06-20 | 2023-02-12 |
| CVE-2018-1112 | glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated... | 8.8 - HIGH | 2018-04-25 | 2019-10-09 |
| CVE-2017-15096 | A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/... | 3.3 - LOW | 2017-10-26 | 2023-02-12 |
| CVE-2014-3619 | The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loo... | 5 - MEDIUM | 2015-03-27 | 2023-02-13 |
| CVE-2012-5635 | The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to ov... | 2.1 - LOW | 2013-04-09 | 2023-02-13 |
Known software with vulnerabilities from Gluster
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Gluster | Glusterfs | - |