gluster glusterfs

23 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2023-26253
all versions
In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.
7.5 HIGH
CVE-2022-48340
all versions
In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.
7.5 HIGH
CVE-2018-14660
>= 3.1.0 and <= 3.1.2
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A re
6.5 MEDIUM
CVE-2018-14651
>= 3.12 and <= 3.12.14
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A
8.8 HIGH
CVE-2018-14661
all versions
It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluste
6.5 MEDIUM
CVE-2018-10930
>= 3.12 and < 3.12.14
A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write
6.5 MEDIUM
CVE-2018-10929
>= 3.12 and < 3.12.14
A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create
8.8 HIGH
CVE-2018-10928
>= 3.12 and < 3.12.14
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file path
8.8 HIGH
CVE-2018-10927
>= 3.12 and < 3.12.14
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak i
8.1 HIGH
CVE-2018-10926
>= 3.12 and < 3.12.14
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw
8.8 HIGH
CVE-2018-10924
>= 3.12.11 and < 3.12.14
It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw t
5.3 MEDIUM
CVE-2018-10923
>= 3.12.0 and < 3.12.14
It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authe
8.1 HIGH
CVE-2018-10914
>= 3.12.0 and < 3.12.14
It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will re
6.5 MEDIUM
CVE-2018-10913
>= 3.12.0 and < 3.12.14
An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs
6.5 MEDIUM
CVE-2018-10911
>= 3.12.0 and < 3.12.14
A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could us
7.5 HIGH
CVE-2018-10907
>= 3.12.0 and < 3.12.14
It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c al
8.8 HIGH
CVE-2018-10904
>= 3.12.0 and < 3.12.14
It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which i
8.8 HIGH
CVE-2018-10841
< 4.1.8
glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster
8.8 HIGH
CVE-2018-1112
< 3.10.12
glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated glus
8.0 HIGH
CVE-2017-15096
<= 3.9.0
A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/g
3.3 LOW
CVE-2014-3619
all versions
The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) vi
CVE-2012-5635
all versions
The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwri
CVE-2012-4417
all versions
GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on te
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin