Gluster

Glusterfs

23 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2023-26253

Exploit
  • EPSS 0.05%
  • Veröffentlicht 21.02.2023 02:15:10
  • Zuletzt bearbeitet 14.03.2025 19:15:41

In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.

7.5

CVE-2022-48340

Exploit
  • EPSS 0.08%
  • Veröffentlicht 21.02.2023 02:15:10
  • Zuletzt bearbeitet 14.03.2025 19:15:40

In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.

6.5

CVE-2018-14660

  • EPSS 1.66%
  • Veröffentlicht 01.11.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:32

A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitivel...

8.8

CVE-2018-14651

  • EPSS 3.57%
  • Veröffentlicht 31.10.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:30

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause...

6.5

CVE-2018-14661

  • EPSS 3.1%
  • Veröffentlicht 31.10.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:32

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remot...

6.5

CVE-2018-10930

  • EPSS 0.63%
  • Veröffentlicht 04.09.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:19

A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.

8.8

CVE-2018-10929

  • EPSS 0.86%
  • Veröffentlicht 04.09.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:19

A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.

8.8

CVE-2018-10928

  • EPSS 0.85%
  • Veröffentlicht 04.09.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:19

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing any...

8.1

CVE-2018-10927

  • EPSS 1.36%
  • Veröffentlicht 04.09.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:19

A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.

8.8

CVE-2018-10926

  • EPSS 0.79%
  • Veröffentlicht 04.09.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:19

A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.