Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
glusterfs vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2018-10924
It exists that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine.
Gluster Glusterfs
187
VMScore
CVE-2017-15096
A flaw was found in GlusterFS in versions before 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service.
Gluster Glusterfs
320
VMScore
CVE-2012-4417
GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
Gluster Glusterfs 3.3.0
NA
CVE-2022-48340
In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.
Gluster Glusterfs 11.0
NA
CVE-2023-26253
In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.
Gluster Glusterfs 11.0
578
VMScore
CVE-2019-10225
A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the valu...
Redhat Openshift 4.2
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.0
481
VMScore
CVE-2018-1069
Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem.
Redhat Openshift 3.7
187
VMScore
CVE-2014-7230
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove prior to 2013.2.4 and 2014.1 prior to 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.
Openstack Trove
Openstack Cinder
Openstack Nova
Redhat Openstack 5.0
Canonical Ubuntu Linux 14.04
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started