Vulnerabilities > Gluster > Glusterfs > 3.12.11

DATE CVE VULNERABILITY TITLE RISK
2018-09-04 CVE-2018-10911 A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values.
network
low complexity
gluster redhat debian opensuse
7.5
7.5
2018-09-04 CVE-2018-10907 It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'.
network
low complexity
gluster redhat debian opensuse
8.8
8.8
2018-09-04 CVE-2018-10904 It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator.
network
low complexity
gluster redhat debian opensuse
8.8
8.8
2018-06-20 CVE-2018-10841 glusterfs is vulnerable to privilege escalation on gluster server nodes.
network
low complexity
gluster debian
8.8
8.8