Vulnerabilities > Gluster > Glusterfs

DATE CVE VULNERABILITY TITLE RISK
2023-02-21 CVE-2022-48340 Use After Free vulnerability in Gluster Glusterfs 11.0
In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.
network
low complexity
gluster CWE-416
7.5
7.5
2023-02-21 CVE-2023-26253 Out-of-bounds Read vulnerability in Gluster Glusterfs 11.0
In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.
network
low complexity
gluster CWE-125
7.5
7.5
2018-11-01 CVE-2018-14660 Resource Exhaustion vulnerability in multiple products
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr.
network
low complexity
gluster redhat debian CWE-400
6.5
6.5
2018-10-31 CVE-2018-14651 Link Following vulnerability in multiple products
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete.
network
low complexity
debian redhat gluster CWE-59
8.8
8.8
2018-10-31 CVE-2018-14661 Improper Input Validation vulnerability in multiple products
It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack.
network
low complexity
gluster debian redhat CWE-20
6.5
6.5
2018-09-04 CVE-2018-10930 Improper Input Validation vulnerability in multiple products
A flaw was found in RPC request using gfs3_rename_req in glusterfs server.
network
low complexity
gluster redhat debian opensuse CWE-20
4.0
4.0
2018-09-04 CVE-2018-10929 Improper Input Validation vulnerability in multiple products
A flaw was found in RPC request using gfs2_create_req in glusterfs server.
network
low complexity
debian redhat gluster opensuse CWE-20
6.5
6.5
2018-09-04 CVE-2018-10928 Link Following vulnerability in multiple products
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume.
network
low complexity
debian redhat gluster opensuse CWE-59
6.5
6.5
2018-09-04 CVE-2018-10927 Improper Input Validation vulnerability in multiple products
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server.
network
low complexity
debian redhat gluster opensuse CWE-20
5.5
5.5
2018-09-04 CVE-2018-10926 Improper Input Validation vulnerability in multiple products
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server.
network
low complexity
redhat debian gluster opensuse CWE-20
6.5
6.5