20 matches found
MiracleLinux 7 : glusterfs-3.12.2-18.el7 (AXSA:2019-3587:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-3587:01 advisory. glusterfs: Improper deserialization in dict.c:dict_unserialize can allow attackers to read arbitrary memory (CVE-2018-10911) Tenable has extracted the preceding...
MiracleLinux 7 : glusterfs-3.8.4-54.10.el7 (AXSA:2018-3234:05)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3234:05 advisory. GlusterFS is a key building block of Asianux Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for divers...
MiracleLinux 4 : glusterfs-3.8.4-54.9.AXS4 (AXSA:2018-3123:02)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3123:02 advisory. It was found that fix for CVE-2018-1088 introduced a new vulnerability in the way 'auth.allow' is implemented in glusterfs server. An unauthenticated gluster...
EUVD-2014-3582
Malware in sbrugna...
EUVD-2018-6556
Malware in sbrugna...
EUVD-2018-2910
Malware in sbrugna...
EUVD-2022-51040
Malicious code in bioql PyPI...
EUVD-2023-30077
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2014-3619
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header...
Ubuntu 22.04 LTS / 23.04 : GlusterFS vulnerability (USN-6157-1)
The remote Ubuntu 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6157-1 advisory. Tao Lyu discovered that GlusterFS did not properly handle certain event notifications. An attacker could possibly use this issue to cause a denial of...
CVE-2022-48340
In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free...
Arbitrary File Overwrite
glusterfs is vulnerable to arbitrary file overwrite attacks. The vulnerability exists as Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) e, (2) local-bricks.list, (3) bricks.err, or (4) limits.conf files in /tmp...
AZL-38872 CVE-2018-14661 affecting package glusterfs for versions less than 5.1-1
It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service...
glusterfs: Unlimited file creation via "GF_XATTR_IOSTATS_DUMP_KEY" xattr allows for denial of service
A flaw was found in glusterfs server which allowed clients to create io-stats dumps on server node. A remote, authenticated attacker could use this flaw to create io-stats dump on a server without any limitation and utilizing all available inodes resulting in remote denial of service...
UBUNTU-CVE-2018-10907
It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer than the fixed buffe...
glusterfs: Files can be renamed outside volume
A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume...
Unauthorized Access Vulnerability in glusterfs server
glusterfs server is an open source scalable network file system. A security vulnerability exists in glusterfs server versions prior to 3.10.12 and prior to 4.0.2. An attacker can exploit this vulnerability to mount a gluster storage data volume...
CVE-2014-3619
The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header...
CVE-2014-3619
CVE-2014-3619 affects GlusterFS, specifically the __socket_proto_state_machine function in GlusterFS 3.5, where a crafted "00000000" fragment header can trigger a remote denial of service via an infinite loop. Multiple connected sources confirm the root cause in the network handling path and document that a...
CVE-2012-5635
The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors,...