Gluster

Glusterfs

23 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2023-26253

Exploit
  • EPSS 0.05%
  • Published 21.02.2023 02:15:10
  • Last modified 14.03.2025 19:15:41

In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.

7.5

CVE-2022-48340

Exploit
  • EPSS 0.08%
  • Published 21.02.2023 02:15:10
  • Last modified 14.03.2025 19:15:40

In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.

6.5

CVE-2018-14660

  • EPSS 1.66%
  • Published 01.11.2018 14:29:00
  • Last modified 21.11.2024 03:49:32

A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitivel...

8.8

CVE-2018-14651

  • EPSS 3.57%
  • Published 31.10.2018 22:29:00
  • Last modified 21.11.2024 03:49:30

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause...

6.5

CVE-2018-14661

  • EPSS 3.1%
  • Published 31.10.2018 20:29:00
  • Last modified 21.11.2024 03:49:32

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remot...

6.5

CVE-2018-10930

  • EPSS 0.63%
  • Published 04.09.2018 16:29:00
  • Last modified 21.11.2024 03:42:19

A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.

8.8

CVE-2018-10929

  • EPSS 0.86%
  • Published 04.09.2018 16:29:00
  • Last modified 21.11.2024 03:42:19

A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.

8.8

CVE-2018-10928

  • EPSS 0.85%
  • Published 04.09.2018 15:29:00
  • Last modified 21.11.2024 03:42:19

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing any...

8.1

CVE-2018-10927

  • EPSS 1.36%
  • Published 04.09.2018 15:29:00
  • Last modified 21.11.2024 03:42:19

A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.

8.8

CVE-2018-10926

  • EPSS 0.79%
  • Published 04.09.2018 15:29:00
  • Last modified 21.11.2024 03:42:19

A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.