CVE Tools

gluster

Hardware Firmwareoss-project

21

Cumulative CVEs

5

Monthly snapshots

#30

Peak rank

Top products

glusterfs6 glusterfs-server1

Latest CVEs

The 15 most recently published vulnerabilities affecting gluster.

CVE-2023-26253In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.7.5Feb 21, 2023
CVE-2022-48340In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.7.5Feb 21, 2023
CVE-2018-14660A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple...6.5Nov 1, 2018
CVE-2018-14651It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to exe...8.8Oct 31, 2018
CVE-2018-14661It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, auth...6.5Oct 31, 2018
CVE-2018-10930A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.6.5Sep 4, 2018
CVE-2018-10929A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.8.8Sep 4, 2018
CVE-2018-10928A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could us...8.8Sep 4, 2018
CVE-2018-10927A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster...8.1Sep 4, 2018
CVE-2018-10926A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and exec...8.8Sep 4, 2018
CVE-2018-10924It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consu...5.3Sep 4, 2018
CVE-2018-10923It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and ...8.1Sep 4, 2018
CVE-2018-10914It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enab...6.5Sep 4, 2018
CVE-2018-10913An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.6.5Sep 4, 2018
CVE-2018-10911A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dic...7.5Sep 4, 2018