Vulnerabilities > Gluster

DATE CVE VULNERABILITY TITLE RISK
2018-11-01 CVE-2018-14660 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr.
network
low complexity
redhat gluster CWE-770
4.0
2018-10-31 CVE-2018-14651 Link Following vulnerability in multiple products
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete.
network
low complexity
debian redhat gluster CWE-59
6.5
2018-10-31 CVE-2018-14661 Use of Externally-Controlled Format String vulnerability in Gluster Glusterfs 3.8.4
It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack.
network
low complexity
gluster CWE-134
4.0
2018-09-04 CVE-2018-10930 A flaw was found in RPC request using gfs3_rename_req in glusterfs server.
network
low complexity
redhat debian gluster
4.0
2018-09-04 CVE-2018-10929 Improper Input Validation vulnerability in multiple products
A flaw was found in RPC request using gfs2_create_req in glusterfs server.
network
low complexity
debian redhat gluster CWE-20
6.5
2018-09-04 CVE-2018-10928 Link Following vulnerability in multiple products
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume.
network
low complexity
debian redhat gluster CWE-59
6.5
2018-09-04 CVE-2018-10927 Information Exposure vulnerability in multiple products
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server.
network
low complexity
debian redhat gluster CWE-200
5.5
2018-09-04 CVE-2018-10926 Path Traversal vulnerability in multiple products
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server.
network
low complexity
redhat debian gluster CWE-22
6.5
2018-09-04 CVE-2018-10924 Missing Release of Resource after Effective Lifetime vulnerability in Gluster Glusterfs
It was discovered that fsync(2) system call in glusterfs client code leaks memory.
network
low complexity
gluster CWE-772
6.8
2018-09-04 CVE-2018-10923 Improper Input Validation vulnerability in multiple products
It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node.
network
low complexity
gluster redhat debian CWE-20
5.5