Vulnerabilities > Gluster

DATE CVE VULNERABILITY TITLE RISK
2018-09-04 CVE-2018-10924 Missing Release of Resource after Effective Lifetime vulnerability in Gluster Glusterfs
It was discovered that fsync(2) system call in glusterfs client code leaks memory.
network
low complexity
gluster CWE-772
6.5
2018-09-04 CVE-2018-10923 It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node.
network
low complexity
gluster redhat debian opensuse
8.1
2018-09-04 CVE-2018-10914 It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service.
network
low complexity
gluster redhat debian opensuse
6.5
2018-09-04 CVE-2018-10913 An information disclosure vulnerability was discovered in glusterfs server.
network
low complexity
gluster redhat debian opensuse
6.5
2018-09-04 CVE-2018-10911 A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values.
network
low complexity
gluster redhat debian opensuse
7.5
2018-09-04 CVE-2018-10907 It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'.
network
low complexity
gluster redhat debian opensuse
8.8
2018-09-04 CVE-2018-10904 It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator.
network
low complexity
gluster redhat debian opensuse
8.8
2018-06-20 CVE-2018-10841 glusterfs is vulnerable to privilege escalation on gluster server nodes.
network
low complexity
gluster debian
8.8
2018-04-25 CVE-2018-1112 Unspecified vulnerability in Gluster Glusterfs
glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes.
network
low complexity
gluster
8.8
2017-10-26 CVE-2017-15096 NULL Pointer Dereference vulnerability in Gluster Glusterfs
A flaw was found in GlusterFS in versions prior to 3.10.
local
low complexity
gluster CWE-476
3.3