Vulnerabilities > Gluster > Glusterfs > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-21 | CVE-2022-48340 | Use After Free vulnerability in Gluster Glusterfs 11.0 In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free. | 7.5 |
| 2023-02-21 | CVE-2023-26253 | Out-of-bounds Read vulnerability in Gluster Glusterfs 11.0 In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read. | 7.5 |
| 2018-10-31 | CVE-2018-14651 | Link Following vulnerability in multiple products It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. | 8.8 |
| 2018-06-20 | CVE-2018-10841 | Authentication Bypass Using an Alternate Path or Channel vulnerability in multiple products glusterfs is vulnerable to privilege escalation on gluster server nodes. | 8.8 |
| 2018-04-25 | CVE-2018-1112 | Unspecified vulnerability in Gluster Glusterfs glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. | 7.5 |