Vulnerabilities (CVE)

11 total CVE
CVE | Vendors | Products | Updated | CVSS
CVE-2018-1112 | 1 Gluster | 1 Glusterfs | 2019-10-09 | 7.5
glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of...
CVE-2018-10930 | 3 Debian, Redhat, Gluster | 6 Debian Linux, Enterprise Linux, Enterprise Linux Server and 3 more | 2019-10-03 | 4.0
A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
CVE-2018-10841 | 1 Gluster | 1 Glusterfs | 2019-10-03 | 6.5
glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add itself to trusted storage pool and perform privileged gluster operations...
CVE-2018-14660 | 2 Redhat, Gluster | 5 Gluster Storage, Virtualization Host, Enterprise Linux Server and 2 more | 2019-10-03 | 4.0
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr...
CVE-2018-10927 | 3 Debian, Redhat, Gluster | 6 Debian Linux, Enterprise Linux, Enterprise Linux Server and 3 more | 2019-10-03 | 5.5
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.
CVE-2018-10924 | 1 Gluster | 1 Glusterfs | 2019-10-03 | 6.8
It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine.
CVE-2018-14661 | 1 Gluster | 1 Glusterfs | 2019-01-23 | 4.0
It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause...
CVE-2014-3619 | 3 Gluster, Novell, Opensuse | 3 Glusterfs, Opensuse, Opensuse | 2018-10-30 | 5.0
The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header.
CVE-2017-15096 | 1 Gluster | 1 Glusterfs | 2017-11-14 | 2.1
A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service.
CVE-2012-4417 | 1 Gluster | 1 Glusterfs | 2017-08-29 | 3.6
GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
CVE-2012-5635 | 2 Gluster, Redhat | 4 Storage Native Client, Storage Management Console, Glusterfs and 1 more | 2013-04-10 | 2.1
The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2)...