Skip to main content

Gluster Storage

16 CVEs product

Monthly

CVE-2020-10763 Go MEDIUM PATCH This Month

An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Heketi Gluster Storage Openshift Container Platform Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-3880 MEDIUM PATCH This Month

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Microsoft Samba Debian Linux Gluster Storage +3
NVD
CVSS 3.1
5.4
EPSS
3.4%
CVE-2019-3831 MEDIUM PATCH This Month

A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Vdsm Gluster Storage
NVD
CVSS 3.1
6.7
EPSS
1.0%
CVE-2018-14654 MEDIUM This Month

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Gluster Storage Enterprise Linux Server Enterprise Linux Virtualization Virtualization +2
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2018-14653 HIGH This Week

The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Denial Of Service Buffer Overflow Gluster Storage Debian Linux +2
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2018-14652 MEDIUM This Month

The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Gluster Storage Debian Linux Enterprise Virtualization Host +2
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2018-1000808 PyPI MEDIUM PATCH This Month

Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Python Pyopenssl Ubuntu Linux Gluster Storage +4
NVD GitHub
CVSS 3.0
5.9
EPSS
1.9%
CVE-2018-1127 HIGH PATCH This Week

Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Red Hat Information Disclosure Gluster Storage
NVD GitHub
CVSS 3.0
8.1
EPSS
1.3%
CVE-2018-10928 HIGH PATCH This Week

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Debian Linux Enterprise Linux Enterprise Linux Server Glusterfs +3
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2018-10875 PyPI HIGH PATCH This Week

A flaw was found in ansible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ansible Engine Ceph Storage Gluster Storage Openshift +6
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2018-1088 HIGH PATCH This Week

A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Gluster Storage Virtualization Virtualization Host Enterprise Linux Server +2
NVD
CVSS 3.1
8.1
EPSS
5.4%
CVE-2017-15087 HIGH This Week

It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Gluster Storage
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-15086 HIGH This Week

It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Red Hat Information Disclosure Gluster Storage
NVD
CVSS 3.0
7.4
EPSS
0.3%
CVE-2017-15085 MEDIUM This Month

It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Red Hat Information Disclosure Gluster Storage
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2015-1795 HIGH This Week

Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Red Hat Privilege Escalation Gluster Storage
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-5242 MEDIUM This Month

OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

RCE Python Code Injection Gluster Storage
NVD
CVSS 2.0
6.0
EPSS
1.2%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Heketi Gluster Storage +2
NVD GitHub
EPSS 3% CVSS 5.4
MEDIUM PATCH This Month

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Microsoft Samba +5
NVD
EPSS 1% CVSS 6.7
MEDIUM PATCH This Month

A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Vdsm Gluster Storage
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Gluster Storage Enterprise Linux Server +4
NVD
EPSS 3% CVSS 8.8
HIGH This Week

The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Denial Of Service Buffer Overflow +4
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Gluster Storage +4
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Python Pyopenssl +6
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Red Hat Information Disclosure Gluster Storage
NVD GitHub
EPSS 3% CVSS 8.8
HIGH PATCH This Week

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Debian Linux Enterprise Linux +5
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A flaw was found in ansible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ansible Engine Ceph Storage +8
NVD
EPSS 5% CVSS 8.1
HIGH PATCH This Week

A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Gluster Storage Virtualization +4
NVD
EPSS 0% CVSS 7.5
HIGH This Week

It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Gluster Storage
NVD
EPSS 0% CVSS 7.4
HIGH This Week

It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Red Hat Information Disclosure Gluster Storage
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Red Hat Information Disclosure Gluster Storage
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Red Hat Privilege Escalation +1
NVD
EPSS 1% CVSS 6.0
MEDIUM This Month

OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

RCE Python Code Injection +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy