4.1.0

DATE	CVE	VULNERABILITY TITLE	RISK
2018-11-01	CVE-2018-14660	A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. network low complexity gluster redhat debian	6.5
2018-10-31	CVE-2018-14651	It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. network low complexity debian redhat gluster	8.8
2018-09-04	CVE-2018-10930	A flaw was found in RPC request using gfs3_rename_req in glusterfs server. network low complexity gluster redhat debian opensuse	6.5
2018-09-04	CVE-2018-10929	A flaw was found in RPC request using gfs2_create_req in glusterfs server. network low complexity redhat debian gluster opensuse	8.8
2018-09-04	CVE-2018-10928	A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. network low complexity redhat debian gluster opensuse	8.8
2018-09-04	CVE-2018-10927	A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. network low complexity redhat debian gluster opensuse	8.1
2018-09-04	CVE-2018-10926	A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. network low complexity redhat debian gluster opensuse	8.8
2018-09-04	CVE-2018-10924	Missing Release of Resource after Effective Lifetime vulnerability in Gluster Glusterfs It was discovered that fsync(2) system call in glusterfs client code leaks memory. network low complexity gluster CWE-772	6.5
2018-09-04	CVE-2018-10923	It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. network low complexity gluster redhat debian opensuse	8.1
2018-09-04	CVE-2018-10914	It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. network low complexity gluster redhat debian opensuse	6.5