Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Gluster Subscribe
Filtered by product Glusterfs

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-10930 4 Debian, Gluster, Opensuse and 1 more 7 Debian Linux, Glusterfs, Leap and 4 more 2021-12-10 4.0 MEDIUM 6.5 MEDIUM
A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
CVE-2018-14661 3 Debian, Gluster, Redhat 6 Debian Linux, Glusterfs, Enterprise Linux and 3 more 2021-11-30 4.0 MEDIUM 6.5 MEDIUM
It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service.
CVE-2018-14660 3 Debian, Gluster, Redhat 6 Debian Linux, Glusterfs, Enterprise Linux and 3 more 2021-11-30 4.0 MEDIUM 6.5 MEDIUM
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node.
CVE-2018-10913 3 Debian, Gluster, Redhat 4 Debian Linux, Glusterfs, Enterprise Linux Server and 1 more 2021-11-17 4.0 MEDIUM 6.5 MEDIUM
An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.
CVE-2018-10914 3 Debian, Gluster, Redhat 4 Debian Linux, Glusterfs, Enterprise Linux Server and 1 more 2021-11-17 4.0 MEDIUM 6.5 MEDIUM
It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.
CVE-2018-10924 1 Gluster 1 Glusterfs 2019-10-03 6.8 MEDIUM 6.5 MEDIUM
It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine.