Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/glusterfs@5.1-1?distro=trixie

Type deb

Namespace debian

Name glusterfs

Version 5.1-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 11.1-1

Latest_non_vulnerable_version 11.2-3

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1afs-n1ba-s7bk

vulnerability_id VCID-1afs-n1ba-s7bk

summary The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14659.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14659.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14659

reference_id

reference_type

scores

value	0.02144
scoring_system	epss
scoring_elements	0.84538
published_at	2026-06-04T12:55:00Z

value	0.02144
scoring_system	epss
scoring_elements	0.84563
published_at	2026-06-05T12:55:00Z

value	0.02144
scoring_system	epss
scoring_elements	0.84567
published_at	2026-06-06T12:55:00Z

value	0.02144
scoring_system	epss
scoring_elements	0.84562
published_at	2026-06-07T12:55:00Z

value	0.02144
scoring_system	epss
scoring_elements	0.84551
published_at	2026-06-08T12:55:00Z

value	0.02144
scoring_system	epss
scoring_elements	0.84564
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14659

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14659
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14659

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1635929
reference_id	1635929
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1635929

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912997
reference_id	912997
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912997

reference_url	https://security.gentoo.org/glsa/201904-06
reference_id	GLSA-201904-06
reference_type
scores
url	https://security.gentoo.org/glsa/201904-06

reference_url	https://access.redhat.com/errata/RHSA-2018:3431
reference_id	RHSA-2018:3431
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3431

reference_url	https://access.redhat.com/errata/RHSA-2018:3432
reference_id	RHSA-2018:3432
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3432

reference_url	https://access.redhat.com/errata/RHSA-2018:3470
reference_id	RHSA-2018:3470
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3470

reference_url	https://usn.ubuntu.com/USN-4770-1/
reference_id	USN-USN-4770-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4770-1/

fixed_packages

url	pkg:deb/debian/glusterfs@5.1-1?distro=trixie
purl	pkg:deb/debian/glusterfs@5.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@5.1-1%3Fdistro=trixie

url pkg:deb/debian/glusterfs@9.2-1?distro=trixie

purl pkg:deb/debian/glusterfs@9.2-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71sa-3u8f-gqft

vulnerability	VCID-r8j9-d89a-ske8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@9.2-1%3Fdistro=trixie

url pkg:deb/debian/glusterfs@10.3-5?distro=trixie

purl pkg:deb/debian/glusterfs@10.3-5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71sa-3u8f-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@10.3-5%3Fdistro=trixie

url	pkg:deb/debian/glusterfs@11.1-6?distro=trixie
purl	pkg:deb/debian/glusterfs@11.1-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@11.1-6%3Fdistro=trixie

url	pkg:deb/debian/glusterfs@11.2-3?distro=trixie
purl	pkg:deb/debian/glusterfs@11.2-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@11.2-3%3Fdistro=trixie

aliases CVE-2018-14659

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1afs-n1ba-s7bk

url VCID-3ex9-c4qn-pkfg

vulnerability_id VCID-3ex9-c4qn-pkfg

summary It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14651.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14651.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14651

reference_id

reference_type

scores

value	0.02082
scoring_system	epss
scoring_elements	0.84306
published_at	2026-06-04T12:55:00Z

value	0.02082
scoring_system	epss
scoring_elements	0.84329
published_at	2026-06-05T12:55:00Z

value	0.02082
scoring_system	epss
scoring_elements	0.84332
published_at	2026-06-06T12:55:00Z

value	0.02082
scoring_system	epss
scoring_elements	0.84325
published_at	2026-06-07T12:55:00Z

value	0.02082
scoring_system	epss
scoring_elements	0.84314
published_at	2026-06-08T12:55:00Z

value	0.02082
scoring_system	epss
scoring_elements	0.84327
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14651

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14651
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14651

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1632557
reference_id	1632557
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1632557

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912997
reference_id	912997
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912997

reference_url	https://security.gentoo.org/glsa/201904-06
reference_id	GLSA-201904-06
reference_type
scores
url	https://security.gentoo.org/glsa/201904-06

reference_url	https://access.redhat.com/errata/RHSA-2018:3431
reference_id	RHSA-2018:3431
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3431

reference_url	https://access.redhat.com/errata/RHSA-2018:3432
reference_id	RHSA-2018:3432
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3432

reference_url	https://usn.ubuntu.com/USN-4770-1/
reference_id	USN-USN-4770-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4770-1/

fixed_packages

url	pkg:deb/debian/glusterfs@5.1-1?distro=trixie
purl	pkg:deb/debian/glusterfs@5.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@5.1-1%3Fdistro=trixie

url pkg:deb/debian/glusterfs@9.2-1?distro=trixie

purl pkg:deb/debian/glusterfs@9.2-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71sa-3u8f-gqft

vulnerability	VCID-r8j9-d89a-ske8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@9.2-1%3Fdistro=trixie

url pkg:deb/debian/glusterfs@10.3-5?distro=trixie

purl pkg:deb/debian/glusterfs@10.3-5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71sa-3u8f-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@10.3-5%3Fdistro=trixie

url	pkg:deb/debian/glusterfs@11.1-6?distro=trixie
purl	pkg:deb/debian/glusterfs@11.1-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@11.1-6%3Fdistro=trixie

url	pkg:deb/debian/glusterfs@11.2-3?distro=trixie
purl	pkg:deb/debian/glusterfs@11.2-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@11.2-3%3Fdistro=trixie

aliases CVE-2018-14651

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ex9-c4qn-pkfg

url VCID-4d7j-4s1w-jfcm

vulnerability_id VCID-4d7j-4s1w-jfcm

summary The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14653.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14653.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14653

reference_id

reference_type

scores

value	0.01516
scoring_system	epss
scoring_elements	0.8155
published_at	2026-06-04T12:55:00Z

value	0.01516
scoring_system	epss
scoring_elements	0.81578
published_at	2026-06-05T12:55:00Z

value	0.01516
scoring_system	epss
scoring_elements	0.81581
published_at	2026-06-06T12:55:00Z

value	0.01516
scoring_system	epss
scoring_elements	0.8158
published_at	2026-06-07T12:55:00Z

value	0.01516
scoring_system	epss
scoring_elements	0.81572
published_at	2026-06-08T12:55:00Z

value	0.01516
scoring_system	epss
scoring_elements	0.81588
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14653

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14653
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14653

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1633431
reference_id	1633431
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1633431

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912997
reference_id	912997
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912997

reference_url	https://security.gentoo.org/glsa/201904-06
reference_id	GLSA-201904-06
reference_type
scores
url	https://security.gentoo.org/glsa/201904-06

reference_url	https://access.redhat.com/errata/RHSA-2018:3431
reference_id	RHSA-2018:3431
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3431

reference_url	https://access.redhat.com/errata/RHSA-2018:3432
reference_id	RHSA-2018:3432
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3432

reference_url	https://access.redhat.com/errata/RHSA-2018:3470
reference_id	RHSA-2018:3470
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3470

reference_url	https://usn.ubuntu.com/USN-4770-1/
reference_id	USN-USN-4770-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4770-1/

fixed_packages

url	pkg:deb/debian/glusterfs@5.1-1?distro=trixie
purl	pkg:deb/debian/glusterfs@5.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@5.1-1%3Fdistro=trixie

url pkg:deb/debian/glusterfs@9.2-1?distro=trixie

purl pkg:deb/debian/glusterfs@9.2-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71sa-3u8f-gqft

vulnerability	VCID-r8j9-d89a-ske8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@9.2-1%3Fdistro=trixie

url pkg:deb/debian/glusterfs@10.3-5?distro=trixie

purl pkg:deb/debian/glusterfs@10.3-5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71sa-3u8f-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@10.3-5%3Fdistro=trixie

url	pkg:deb/debian/glusterfs@11.1-6?distro=trixie
purl	pkg:deb/debian/glusterfs@11.1-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@11.1-6%3Fdistro=trixie

url	pkg:deb/debian/glusterfs@11.2-3?distro=trixie
purl	pkg:deb/debian/glusterfs@11.2-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@11.2-3%3Fdistro=trixie

aliases CVE-2018-14653

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4d7j-4s1w-jfcm

url VCID-d5t6-g2n8-h3gs

vulnerability_id VCID-d5t6-g2n8-h3gs

summary A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14660.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14660.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14660

reference_id

reference_type

scores

value	0.01601
scoring_system	epss
scoring_elements	0.82037
published_at	2026-06-04T12:55:00Z

value	0.01601
scoring_system	epss
scoring_elements	0.82071
published_at	2026-06-06T12:55:00Z

value	0.01601
scoring_system	epss
scoring_elements	0.82073
published_at	2026-06-07T12:55:00Z

value	0.01601
scoring_system	epss
scoring_elements	0.82066
published_at	2026-06-08T12:55:00Z

value	0.01601
scoring_system	epss
scoring_elements	0.82081
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14660

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14660
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14660

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1635926
reference_id	1635926
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1635926

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912997
reference_id	912997
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912997

reference_url	https://security.gentoo.org/glsa/201904-06
reference_id	GLSA-201904-06
reference_type
scores
url	https://security.gentoo.org/glsa/201904-06

reference_url	https://access.redhat.com/errata/RHSA-2018:3431
reference_id	RHSA-2018:3431
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3431

reference_url	https://access.redhat.com/errata/RHSA-2018:3432
reference_id	RHSA-2018:3432
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3432

reference_url	https://access.redhat.com/errata/RHSA-2018:3470
reference_id	RHSA-2018:3470
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3470

reference_url	https://usn.ubuntu.com/USN-4770-1/
reference_id	USN-USN-4770-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4770-1/

fixed_packages

url	pkg:deb/debian/glusterfs@5.1-1?distro=trixie
purl	pkg:deb/debian/glusterfs@5.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@5.1-1%3Fdistro=trixie

url pkg:deb/debian/glusterfs@9.2-1?distro=trixie

purl pkg:deb/debian/glusterfs@9.2-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71sa-3u8f-gqft

vulnerability	VCID-r8j9-d89a-ske8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@9.2-1%3Fdistro=trixie

url pkg:deb/debian/glusterfs@10.3-5?distro=trixie

purl pkg:deb/debian/glusterfs@10.3-5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71sa-3u8f-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@10.3-5%3Fdistro=trixie

url	pkg:deb/debian/glusterfs@11.1-6?distro=trixie
purl	pkg:deb/debian/glusterfs@11.1-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@11.1-6%3Fdistro=trixie

url	pkg:deb/debian/glusterfs@11.2-3?distro=trixie
purl	pkg:deb/debian/glusterfs@11.2-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@11.2-3%3Fdistro=trixie

aliases CVE-2018-14660

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d5t6-g2n8-h3gs

url VCID-rn12-bksa-ckcy

vulnerability_id VCID-rn12-bksa-ckcy

summary The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14654.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14654.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14654

reference_id

reference_type

scores

value	0.02023
scoring_system	epss
scoring_elements	0.84089
published_at	2026-06-04T12:55:00Z

value	0.02023
scoring_system	epss
scoring_elements	0.84112
published_at	2026-06-05T12:55:00Z

value	0.02023
scoring_system	epss
scoring_elements	0.84116
published_at	2026-06-06T12:55:00Z

value	0.02023
scoring_system	epss
scoring_elements	0.84111
published_at	2026-06-07T12:55:00Z

value	0.02023
scoring_system	epss
scoring_elements	0.841
published_at	2026-06-08T12:55:00Z

value	0.02023
scoring_system	epss
scoring_elements	0.84113
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14654

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14654
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14654

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1631576
reference_id	1631576
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1631576

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912997
reference_id	912997
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912997

reference_url	https://security.gentoo.org/glsa/201904-06
reference_id	GLSA-201904-06
reference_type
scores
url	https://security.gentoo.org/glsa/201904-06

reference_url	https://access.redhat.com/errata/RHSA-2018:3431
reference_id	RHSA-2018:3431
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3431

reference_url	https://access.redhat.com/errata/RHSA-2018:3432
reference_id	RHSA-2018:3432
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3432

reference_url	https://access.redhat.com/errata/RHSA-2018:3470
reference_id	RHSA-2018:3470
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3470

reference_url	https://usn.ubuntu.com/USN-4770-1/
reference_id	USN-USN-4770-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4770-1/

fixed_packages

url	pkg:deb/debian/glusterfs@5.1-1?distro=trixie
purl	pkg:deb/debian/glusterfs@5.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@5.1-1%3Fdistro=trixie

url pkg:deb/debian/glusterfs@9.2-1?distro=trixie

purl pkg:deb/debian/glusterfs@9.2-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71sa-3u8f-gqft

vulnerability	VCID-r8j9-d89a-ske8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@9.2-1%3Fdistro=trixie

url pkg:deb/debian/glusterfs@10.3-5?distro=trixie

purl pkg:deb/debian/glusterfs@10.3-5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71sa-3u8f-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@10.3-5%3Fdistro=trixie

url	pkg:deb/debian/glusterfs@11.1-6?distro=trixie
purl	pkg:deb/debian/glusterfs@11.1-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@11.1-6%3Fdistro=trixie

url	pkg:deb/debian/glusterfs@11.2-3?distro=trixie
purl	pkg:deb/debian/glusterfs@11.2-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@11.2-3%3Fdistro=trixie

aliases CVE-2018-14654

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rn12-bksa-ckcy

url VCID-y9ar-186a-17db

vulnerability_id VCID-y9ar-186a-17db

summary It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14661.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14661.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14661

reference_id

reference_type

scores

value	0.02567
scoring_system	epss
scoring_elements	0.85811
published_at	2026-06-04T12:55:00Z

value	0.02567
scoring_system	epss
scoring_elements	0.85833
published_at	2026-06-05T12:55:00Z

value	0.02567
scoring_system	epss
scoring_elements	0.85835
published_at	2026-06-06T12:55:00Z

value	0.02567
scoring_system	epss
scoring_elements	0.85832
published_at	2026-06-07T12:55:00Z

value	0.02567
scoring_system	epss
scoring_elements	0.85817
published_at	2026-06-08T12:55:00Z

value	0.02567
scoring_system	epss
scoring_elements	0.8583
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14661
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14661

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1636880
reference_id	1636880
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1636880

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912997
reference_id	912997
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912997

reference_url	https://security.gentoo.org/glsa/201904-06
reference_id	GLSA-201904-06
reference_type
scores
url	https://security.gentoo.org/glsa/201904-06

reference_url	https://access.redhat.com/errata/RHSA-2018:3431
reference_id	RHSA-2018:3431
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3431

reference_url	https://access.redhat.com/errata/RHSA-2018:3432
reference_id	RHSA-2018:3432
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3432

reference_url	https://access.redhat.com/errata/RHSA-2018:3470
reference_id	RHSA-2018:3470
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3470

reference_url	https://usn.ubuntu.com/USN-4770-1/
reference_id	USN-USN-4770-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4770-1/

fixed_packages

url	pkg:deb/debian/glusterfs@5.1-1?distro=trixie
purl	pkg:deb/debian/glusterfs@5.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@5.1-1%3Fdistro=trixie

url pkg:deb/debian/glusterfs@9.2-1?distro=trixie

purl pkg:deb/debian/glusterfs@9.2-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71sa-3u8f-gqft

vulnerability	VCID-r8j9-d89a-ske8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@9.2-1%3Fdistro=trixie

url pkg:deb/debian/glusterfs@10.3-5?distro=trixie

purl pkg:deb/debian/glusterfs@10.3-5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71sa-3u8f-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@10.3-5%3Fdistro=trixie

url	pkg:deb/debian/glusterfs@11.1-6?distro=trixie
purl	pkg:deb/debian/glusterfs@11.1-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@11.1-6%3Fdistro=trixie

url	pkg:deb/debian/glusterfs@11.2-3?distro=trixie
purl	pkg:deb/debian/glusterfs@11.2-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@11.2-3%3Fdistro=trixie

aliases CVE-2018-14661

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y9ar-186a-17db

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glusterfs@5.1-1%3Fdistro=trixie

Package Instance