4.1.7

DATE	CVE	VULNERABILITY TITLE	RISK
2018-09-04	CVE-2018-10929	Improper Input Validation vulnerability in multiple products A flaw was found in RPC request using gfs2_create_req in glusterfs server. network low complexity debian redhat gluster opensuse CWE-20	6.5
2018-09-04	CVE-2018-10928	Link Following vulnerability in multiple products A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. network low complexity debian redhat gluster opensuse CWE-59	6.5
2018-09-04	CVE-2018-10927	Improper Input Validation vulnerability in multiple products A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. network low complexity debian redhat gluster opensuse CWE-20	5.5
2018-09-04	CVE-2018-10926	Improper Input Validation vulnerability in multiple products A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. network low complexity redhat debian gluster opensuse CWE-20	6.5
2018-09-04	CVE-2018-10923	Improper Input Validation vulnerability in multiple products It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. network low complexity gluster redhat debian opensuse CWE-20	5.5
2018-09-04	CVE-2018-10914	NULL Pointer Dereference vulnerability in multiple products It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. network low complexity gluster redhat debian opensuse CWE-476	4.0
2018-09-04	CVE-2018-10913	Information Exposure Through an Error Message vulnerability in multiple products An information disclosure vulnerability was discovered in glusterfs server. network low complexity gluster redhat debian opensuse CWE-209	4.0
2018-09-04	CVE-2018-10911	Deserialization of Untrusted Data vulnerability in multiple products A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. network low complexity gluster redhat debian opensuse CWE-502	5.0
2018-09-04	CVE-2018-10904	Untrusted Search Path vulnerability in multiple products It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. network low complexity gluster redhat debian opensuse CWE-426	6.5
2018-06-20	CVE-2018-10841	Authentication Bypass Using an Alternate Path or Channel vulnerability in multiple products glusterfs is vulnerable to privilege escalation on gluster server nodes. network low complexity gluster debian CWE-288	8.8