Known Vulnerabilities for products from Gluster
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Gluster".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-26253 | In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read. | 7.5 - HIGH | 2023-02-21 | 2023-11-07 |
| CVE-2022-48340 | In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free. | 7.5 - HIGH | 2023-02-21 | 2023-11-07 |
| CVE-2018-14661 | It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat G... | 6.5 - MEDIUM | 2018-10-31 | 2023-02-12 |
| CVE-2018-14660 | A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr.... | 6.5 - MEDIUM | 2018-11-01 | 2023-02-13 |
| CVE-2018-14651 | It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomple... | 8.8 - HIGH | 2018-10-31 | 2023-02-12 |
| CVE-2018-10930 | A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to w... | 6.5 - MEDIUM | 2018-09-04 | 2021-12-10 |
| CVE-2018-10929 | A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to c... | 8.8 - HIGH | 2018-09-04 | 2022-04-12 |
| CVE-2018-10928 | A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file... | 8.8 - HIGH | 2018-09-04 | 2022-04-12 |
| CVE-2018-10927 | A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to l... | 8.1 - HIGH | 2018-09-04 | 2022-04-12 |
| CVE-2018-10926 | A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this ... | 8.8 - HIGH | 2018-09-04 | 2022-04-12 |
| CVE-2018-10924 | It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this f... | 6.5 - MEDIUM | 2018-09-04 | 2019-10-03 |
| CVE-2018-10923 | It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An ... | 8.1 - HIGH | 2018-09-04 | 2022-04-22 |
| CVE-2018-10914 | It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which wi... | 6.5 - MEDIUM | 2018-09-04 | 2022-04-22 |
| CVE-2018-10913 | An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glust... | 6.5 - MEDIUM | 2018-09-04 | 2022-04-22 |
| CVE-2018-10911 | A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker cou... | 7.5 - HIGH | 2018-09-04 | 2022-04-22 |
| CVE-2018-10907 | It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc... | 8.8 - HIGH | 2018-09-04 | 2021-12-16 |
| CVE-2018-10904 | It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute wh... | 8.8 - HIGH | 2018-09-04 | 2022-04-22 |
| CVE-2018-10841 | glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gl... | 8.8 - HIGH | 2018-06-20 | 2023-02-12 |
| CVE-2018-1112 | glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated... | 8.8 - HIGH | 2018-04-25 | 2019-10-09 |
| CVE-2017-15096 | A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/... | 3.3 - LOW | 2017-10-26 | 2023-02-12 |
Known software with vulnerabilities from Gluster
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Gluster | Glusterfs | - |