4.1.7

DATE	CVE	VULNERABILITY TITLE	RISK
2018-09-04	CVE-2018-10929	A flaw was found in RPC request using gfs2_create_req in glusterfs server. network low complexity redhat debian gluster opensuse	8.8
2018-09-04	CVE-2018-10928	A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. network low complexity redhat debian gluster opensuse	8.8
2018-09-04	CVE-2018-10927	A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. network low complexity redhat debian gluster opensuse	8.1
2018-09-04	CVE-2018-10926	A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. network low complexity redhat debian gluster opensuse	8.8
2018-09-04	CVE-2018-10923	It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. network low complexity gluster redhat debian opensuse	8.1
2018-09-04	CVE-2018-10914	It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. network low complexity gluster redhat debian opensuse	6.5
2018-09-04	CVE-2018-10913	An information disclosure vulnerability was discovered in glusterfs server. network low complexity gluster redhat debian opensuse	6.5
2018-09-04	CVE-2018-10911	A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. network low complexity gluster redhat debian opensuse	7.5
2018-09-04	CVE-2018-10904	It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. network low complexity gluster redhat debian opensuse	8.8
2018-06-20	CVE-2018-10841	glusterfs is vulnerable to privilege escalation on gluster server nodes. network low complexity gluster debian	8.8