Vulnerabilities > Gluster > Glusterfs > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-11-01 CVE-2018-14660 Resource Exhaustion vulnerability in multiple products
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr.
network
low complexity
gluster redhat debian CWE-400
6.5
6.5
2018-10-31 CVE-2018-14661 Improper Input Validation vulnerability in multiple products
It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack.
network
low complexity
gluster debian redhat CWE-20
6.5
6.5
2018-09-04 CVE-2018-10930 Improper Input Validation vulnerability in multiple products
A flaw was found in RPC request using gfs3_rename_req in glusterfs server.
network
low complexity
gluster redhat debian opensuse CWE-20
4.0
4.0
2018-09-04 CVE-2018-10929 Improper Input Validation vulnerability in multiple products
A flaw was found in RPC request using gfs2_create_req in glusterfs server.
network
low complexity
debian redhat gluster opensuse CWE-20
6.5
6.5
2018-09-04 CVE-2018-10928 Link Following vulnerability in multiple products
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume.
network
low complexity
debian redhat gluster opensuse CWE-59
6.5
6.5
2018-09-04 CVE-2018-10927 Improper Input Validation vulnerability in multiple products
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server.
network
low complexity
debian redhat gluster opensuse CWE-20
5.5
5.5
2018-09-04 CVE-2018-10926 Improper Input Validation vulnerability in multiple products
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server.
network
low complexity
redhat debian gluster opensuse CWE-20
6.5
6.5
2018-09-04 CVE-2018-10924 Missing Release of Resource after Effective Lifetime vulnerability in Gluster Glusterfs
It was discovered that fsync(2) system call in glusterfs client code leaks memory.
network
low complexity
gluster CWE-772
6.8
6.8
2018-09-04 CVE-2018-10923 Improper Input Validation vulnerability in multiple products
It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node.
network
low complexity
gluster redhat debian opensuse CWE-20
5.5
5.5
2018-09-04 CVE-2018-10914 NULL Pointer Dereference vulnerability in multiple products
It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service.
network
low complexity
gluster redhat debian opensuse CWE-476
4.0
4.0