VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Gluster
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2018-09-04
CVE-2018-10924
Missing Release of Resource after Effective Lifetime vulnerability in Gluster Glusterfs
It was discovered that fsync(2) system call in glusterfs client code leaks memory.
network
low complexity
gluster
CWE-772
6.5
6.5
2018-09-04
CVE-2018-10923
It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node.
network
low complexity
gluster
redhat
debian
opensuse
8.1
8.1
2018-09-04
CVE-2018-10914
It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service.
network
low complexity
gluster
redhat
debian
opensuse
6.5
6.5
2018-09-04
CVE-2018-10913
An information disclosure vulnerability was discovered in glusterfs server.
network
low complexity
gluster
redhat
debian
opensuse
6.5
6.5
2018-09-04
CVE-2018-10911
A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values.
network
low complexity
gluster
redhat
debian
opensuse
7.5
7.5
2018-09-04
CVE-2018-10907
It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'.
network
low complexity
gluster
redhat
debian
opensuse
8.8
8.8
2018-09-04
CVE-2018-10904
It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator.
network
low complexity
gluster
redhat
debian
opensuse
8.8
8.8
2018-06-20
CVE-2018-10841
glusterfs is vulnerable to privilege escalation on gluster server nodes.
network
low complexity
gluster
debian
8.8
8.8
2018-04-25
CVE-2018-1112
Unspecified vulnerability in Gluster Glusterfs
glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes.
network
low complexity
gluster
8.8
8.8
2017-10-26
CVE-2017-15096
NULL Pointer Dereference vulnerability in Gluster Glusterfs
A flaw was found in GlusterFS in versions prior to 3.10.
local
low complexity
gluster
CWE-476
3.3
3.3
«
Previous
1
2
(current)
»