Gluster GlusterFS 4.0.0-2

CPE Details

Gluster GlusterFS 4.0.0-2
4.0.0-2
2019-05-09
13h37 +00:00
2019-05-09
13h37 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gluster:glusterfs:4.0.0-2:*:*:*:*:*:*:*

Informations

Vendor

gluster

Product

glusterfs

Version

4.0.0-2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2018-10924 2018-09-04 13h00 +00:00 It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine.
6.5
Medium
CVE-2018-10841 2018-06-20 16h00 +00:00 glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes.
8.8
High