Lucene search
K
GlusterGlusterfs

23 matches found

CVE
CVE
added 2018/09/04 4:0 p.m.296 views

CVE-2018-10930

CVE-2018-10930 affects GlusterFS server: an authenticated attacker can misuse RPC gfs3_rename_req to write outside the gluster volume. Affected product variant shown in connected docs is PowerKVM 3.1; remediation provided via updates to GlusterFS (e.g., Red Hat/CentOS advisories and Debian LTS no...

6.5CVSS7AI score0.02111EPSS
CVE
CVE
added 2018/09/04 3:0 p.m.281 views

CVE-2018-10926

CVE-2018-10926 affects GlusterFS: a flaw in RPC handling of gfs3_mknod_req allows an authenticated remote attacker to write files to arbitrary locations via path traversal and execute arbitrary code on the glusterfs server. The issue is addressed in multiple advisories across distributions (e.g.,...

8.8CVSS8.6AI score0.02599EPSS
CVE
CVE
added 2018/09/04 4:0 p.m.270 views

CVE-2018-10929

CVE-2018-10929 affects GlusterFS (server side), where an authenticated attacker could exploit improper validation in the RPC path (gfs2_create_req) to create arbitrary files and potentially execute arbitrary code on storage server nodes. Connected advisories reference multiple vendors (Debian, Re...

8.8CVSS8.6AI score0.03336EPSS
CVE
CVE
added 2018/09/04 3:0 p.m.267 views

CVE-2018-10928

GlusterFS vulnerability CVE-2018-10928: an authenticated remote attacker could exploit improper validation of RPC requests via gfs3_symlink_req to create arbitrary symlinks outside the volume and potentially execute code on the server. Public advisories document multiple remediation streams acros...

8.8CVSS8.6AI score0.02699EPSS
CVE
CVE
added 2018/09/04 3:0 p.m.261 views

CVE-2018-10927

CVE-2018-10927 affects GlusterFS where an authenticated attacker could abuse RPC gfs3_lookup_req to leak information and cause remote denial of service by crashing the gluster brick process. Exploitation details in connected IBM PowerKVM advisory tied to PowerKVM 3.1; fixed in PowerKVM 3.1.0.2 up...

8.1CVSS7.9AI score0.02771EPSS
CVE
CVE
added 2018/09/04 1:0 p.m.243 views

CVE-2018-10907

CVE-2018-10907 is a vulnerability in GlusterFS where the server-rpc-fopc.c code path allocates fixed-size buffers with alloca(3). An authenticated attacker mounting a Gluster volume could send a string longer than the fixed buffer, causing a stack-based overflow that may crash the glusterfs serve...

8.8CVSS8.5AI score0.03364EPSS
CVE
CVE
added 2018/09/04 1:0 p.m.241 views

CVE-2018-10904

CVE-2018-10904 affects GlusterFS servers. The vulnerability arises from improper sanitization of file paths in the trusted.io-stats-dump extended attribute used by the debug/io-stats translator. An attacker with sufficient access to modify extended attributes on a Gluster volume can create files ...

8.8CVSS8.6AI score0.03024EPSS
CVE
CVE
added 2018/09/04 2:0 p.m.241 views

CVE-2018-10911

CVE-2018-10911 affects glusterfs; the dict_unserialize function mishandles negative key length values, allowing a remote attacker to read memory from other locations into the stored dict value. The IBM PowerKVM advisory (and related Red Hat/CentOS/Debian advisories) document remote-authenticated/...

7.5CVSS7.1AI score0.03071EPSS
CVE
CVE
added 2018/09/04 2:0 p.m.241 views

CVE-2018-10913

CVE-2018-10913 affects GlusterFS server. The vulnerability allows an attacker to issue a xattr request via GlusterFS FUSE to determine the existence of files, causing an information disclosure. The connected Nessus/EulerOS Debian advisories list CVE-2018-10913 among multiple GlusterFS issues and ...

6.5CVSS6.7AI score0.02093EPSS
CVE
CVE
added 2018/09/04 2:0 p.m.237 views

CVE-2018-10914

CVE-2018-10914 is a GlusterFS vulnerability where an attacker can issue a xattr request via glusterfs FUSE to crash the gluster brick process, and if multiplexing is enabled, cause crashes across multiple bricks and volumes, enabling a remote denial of service. The issue is documented across mult...

6.5CVSS7AI score0.02447EPSS
CVE
CVE
added 2018/09/04 2:0 p.m.232 views

CVE-2018-10923

CVE-2018-10923 affects GlusterFS server. The description in the connected documents shows that the vulnerability arises from the mknod(2) pathway, allowing an authenticated attacker to create device files on a GlusterFS server node and read data from any device attached to the server. This indica...

8.1CVSS8AI score0.01672EPSS
CVE
CVE
added 2018/11/01 2:0 p.m.176 views

CVE-2018-14660

CVE-2018-14660 : A flaw in GlusterFS server (versions up to 4.1.4 and 3.1.2) lets a remote, authenticated attacker repeatedly call setxattr on GF_META_LOCK_KEY to create multiple locks for a single inode, leading to memory exhaustion on the GlusterFS server node. Connected documents confirm Glust...

6.5CVSS7AI score0.02515EPSS
CVE
CVE
added 2018/04/25 12:0 p.m.175 views

CVE-2018-1112

Summary (CVE-2018-1112) GlusterFS server before 3.10.12 and 4.0.2 is vulnerable when using the auth.allow option. This allows any unauthenticated Gluster client to connect from any network and mount Gluster volumes. The issue is a regression from CVE-2018-1088. Connected advisories corroborate th...

8.8CVSS7.8AI score0.02384EPSS
CVE
CVE
added 2018/10/31 8:0 p.m.157 views

CVE-2018-14661

Technical details for CVE-2018-14661 are not provided in the connected documents. Public information in the initial entry confirms a format-string vulnerability in GlusterFS, but no affected versions, exploit details, or fixes are included here. Monitor for updates.

6.5CVSS6.9AI score0.02655EPSS
CVE
CVE
added 2018/10/31 9:0 p.m.145 views

CVE-2018-14651

CVE-2018-14651 concerns GlusterFS where the fix for several 2018 CVEs (CVE-2018-10927/10926/10928/10929/10930) was incomplete. An authenticated remote attacker could abuse the flawed RPC/xattr/lookup handling to execute arbitrary code, create files, or cause denial of service on GlusterFS server ...

8.8CVSS7.9AI score0.03225EPSS
CVE
CVE
added 2018/09/04 3:0 p.m.140 views

CVE-2018-10924

CVE-2018-10924: GlusterFS is affected by a memory leak in the fsync(2) path of the GlusterFS client code. The leaky memory can be exploited by an authenticated attacker to trigger a denial-of-service via host memory exhaustion. The description does not specify affected versions or a published fix...

6.8CVSS7AI score0.01881EPSS
CVE
CVE
added 2018/06/20 6:0 p.m.119 views

CVE-2018-10841

GlusterFS on server nodes is vulnerable to privilege escalation via an authenticated TLS client that uses gluster CLI --remote-host to add itself to the trusted storage pool and perform privileged operations (e.g., managing volumes). The description specifies the root cause as a trust-pool escala...

8.8CVSS8.6AI score0.01284EPSS
CVE
CVE
added 2023/02/21 12:0 a.m.99 views

CVE-2023-26253

In CVE-2023-26253, GlusterFS 11.0 is affected by a stack-based buffer over-read in xlators/mount/fuse/src/fuse-bridge.c. Public details across multiple Nessus/Astra/euleros entries confirm this vulnerability in GlusterFS 11.0 (no vendor-provided patch applies to older packages). Some advisories n...

7.5CVSS7.4AI score0.00914EPSS
CVE
CVE
added 2023/02/21 12:0 a.m.95 views

CVE-2022-48340

CVE-2022-48340 affects GlusterFS 11.0, with a use-after-free in xlators/cluster/dht/src/dht-common.c: dht_setxattr_mds_cbk. The issue is in the DHT handling code for extended attributes, leading to potential denial of service or arbitrary behavior as indicated by the CVSSv3.1 metrics (AV:N/AC:L/P...

7.5CVSS7.3AI score0.00871EPSS
CVE
CVE
added 2017/10/26 5:0 p.m.89 views

CVE-2017-15096

GlusterFS (glibster?), specifically glusterfsd, is affected in versions prior to 3.10. The issue is a null pointer dereference in send_brick_req() in gf_attach.c, which can lead to a denial of service. The connected advisories/show updates indicate fixed releases (e.g., Fedora updates for gluster...

3.3CVSS3.5AI score0.00316EPSS
CVE
CVE
added 2012/11/18 11:0 p.m.83 views

CVE-2012-4417

CVE-2012-4417 affects GlusterFS 3.3.0 as used in Red Hat Storage Server 2.0, where local users can overwrite arbitrary files via a symlink attack on temporary files with predictable names. The issue is tied to insecure temporary file creation in GlusterFS components; impact is partial confidentia...

3.6CVSS6.2AI score0.00336EPSS
CVE
CVE
added 2015/03/27 2:0 p.m.74 views

CVE-2014-3619

CVE-2014-3619 affects GlusterFS, specifically the __socket_proto_state_machine in GlusterFS 3.5, where a crafted 00000000 fragment header can trigger a remote denial of service via an infinite loop. Multiple connected sources confirm the root cause in the network handling path and document that a...

5CVSS8.1AI score0.02739EPSS
CVE
CVE
added 2013/04/09 8:0 p.m.73 views

CVE-2012-5635

The CVE-2012-5635 entry concerns GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0. It is caused by a symlink-based attack that lets local users overwrite arbitrary files via multiple temporary files (e.g., tests/volume.rc, extras/hook-scripts/S30sam...

2.1CVSS6.5AI score0.00317EPSS