Skip to main content

Glusterfs

22 CVEs product

Monthly

CVE-2023-26253 HIGH POC This Week

In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Glusterfs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-14660 MEDIUM This Month

A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Glusterfs Virtualization Host Enterprise Linux Server Virtualization +1
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2018-14651 HIGH PATCH This Week

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Debian Linux Enterprise Linux Glusterfs
NVD
CVSS 3.0
8.8
EPSS
3.2%
CVE-2018-14661 MEDIUM This Month

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Glusterfs Debian Linux Virtualization +2
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2018-10930 MEDIUM PATCH This Month

A flaw was found in RPC request using gfs3_rename_req in glusterfs server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Glusterfs Enterprise Linux Enterprise Linux Server Debian Linux +3
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2018-10929 HIGH PATCH This Week

A flaw was found in RPC request using gfs2_create_req in glusterfs server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Debian Linux Enterprise Linux Server Glusterfs Virtualization Host +1
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2018-10928 HIGH PATCH This Week

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Debian Linux Enterprise Linux Enterprise Linux Server Glusterfs +3
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2018-10927 HIGH PATCH This Week

A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Debian Linux Enterprise Linux Server Glusterfs Virtualization Host +1
NVD
CVSS 3.1
8.1
EPSS
2.8%
CVE-2018-10926 HIGH This Week

A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Virtualization Host Debian Linux Enterprise Linux +3
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2018-10924 MEDIUM PATCH This Month

It was discovered that fsync(2) system call in glusterfs client code leaks memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Glusterfs
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-10923 HIGH This Week

It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Glusterfs Virtualization Host Debian Linux Enterprise Linux Server +1
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2018-10914 MEDIUM This Month

It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Glusterfs Virtualization Host Enterprise Linux Server +2
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2018-10913 MEDIUM PATCH This Month

An information disclosure vulnerability was discovered in glusterfs server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Glusterfs Virtualization Host Debian Linux Enterprise Linux Server +1
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2018-10911 HIGH PATCH This Week

A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Glusterfs Virtualization Host Enterprise Linux Desktop +4
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2018-10907 HIGH PATCH This Week

It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Stack Overflow Glusterfs Virtualization Host +3
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2018-10904 HIGH PATCH This Week

It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Glusterfs Virtualization Host Enterprise Linux Server Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2018-10841 HIGH PATCH This Week

glusterfs is vulnerable to privilege escalation on gluster server nodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Glusterfs Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2018-1112 HIGH This Week

glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Glusterfs
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2017-15096 LOW Monitor

A flaw was found in GlusterFS in versions prior to 3.10. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Glusterfs
NVD
CVSS 3.0
3.3
EPSS
0.1%
CVE-2014-3619 MEDIUM This Month

The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Opensuse Glusterfs
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2012-5635 LOW Monitor

The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Glusterfs Storage Management Console Storage Native Client +1
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-4417 LOW Monitor

GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Glusterfs
NVD
CVSS 2.0
3.6
EPSS
0.1%
EPSS 1% CVSS 7.5
HIGH POC This Week

In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Glusterfs
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM This Month

A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Glusterfs Virtualization Host +3
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Debian Linux +2
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Glusterfs +4
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in RPC request using gfs3_rename_req in glusterfs server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Glusterfs Enterprise Linux +5
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

A flaw was found in RPC request using gfs2_create_req in glusterfs server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Debian Linux Enterprise Linux Server +3
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Debian Linux Enterprise Linux +5
NVD
EPSS 3% CVSS 8.1
HIGH PATCH This Week

A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Debian Linux Enterprise Linux Server +3
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Virtualization Host +5
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

It was discovered that fsync(2) system call in glusterfs client code leaks memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Glusterfs
NVD
EPSS 2% CVSS 8.1
HIGH This Week

It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Glusterfs Virtualization Host +3
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Glusterfs +4
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

An information disclosure vulnerability was discovered in glusterfs server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Glusterfs Virtualization Host +3
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Glusterfs +6
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Stack Overflow +5
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Glusterfs Virtualization Host +3
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

glusterfs is vulnerable to privilege escalation on gluster server nodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Glusterfs Debian Linux
NVD
EPSS 2% CVSS 8.8
HIGH This Week

glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Glusterfs
NVD
EPSS 0% CVSS 3.3
LOW Monitor

A flaw was found in GlusterFS in versions prior to 3.10. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Glusterfs
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Opensuse Glusterfs
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Glusterfs +3
NVD
EPSS 0% CVSS 3.6
LOW Monitor

GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Glusterfs
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy