Filtered by vendor Gluster
Subscribe
Total
23 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-10930 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2021-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume. | |||||
CVE-2018-1112 | 1 Gluster | 1 Glusterfs | 2019-10-09 | 7.5 HIGH | 8.8 HIGH |
glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression. | |||||
CVE-2018-10924 | 1 Gluster | 1 Glusterfs | 2019-10-02 | 6.8 MEDIUM | 6.5 MEDIUM |
It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine. |