Panzura strives to develop products that our customers entrust with their most sensitive information; our goal is to ensure that our products meet the high standard for security our clients demand. This page will list any security vulnerability issues related to Panzura products and outline steps on how to protect them. Each advisory contains detailed information regarding the security vulnerability, affected systems, threat severity, and risk mitigation techniques for the vulnerability.



Product Version

Last Updated

CloudFS-2020-002 LDAP Signing and LDAP Channel Binding All supported versions 08/13/2019
CloudFS-2020-001 Wormable Windows SMBv3 RCE security vulnerabilities All supported versions 04/10/2020
PZOS-2019-001 Impact of Zombieload vulnerability for all Intel based chips on Panzura. All supported versions 05/31/2019
CloudFS-2018-004 Active Directory (AD) accounts admin login security vulnerabilities. All supported versions 11/11/2018
CloudFS-2018-003 FreeBSD security vulnerabilities CVE-2018-5390 and CVE-2018-3615/20/46 PZOS 7.2.X or above 08/30/2018
CloudFS-2018-002 Authenticated users are able to change the passwords for any account. None 03/15/2018
CloudFS-2018-001 OS kernel memory leak vulnerability in Intel processors CloudFS 6.x and 7.x 01/05/2018
PFOS-2017-003 node.js Out of Bounds Access and Denial of Service PFOS – 7.X versions through 07/18/2017
PFOS-2017-002 SAMBA Kerberos Mutual Authentication Vulnerability PFOS – 6.3.X versions through and 7.X versions through 07/28/2017
PZOS-2017-001 SAMBA Remote Code Execution PFOS – All Supported Versions 06/07/17
PZOS-2016-002 Multiple SAMBA Vulnerabilities AKA Badlock PZOS – All Supported Versions 04/18/2016
PZOS-2016-001 DROWN vulnerability PZOS 5.6.x.x or Below 03/31/2016
PZOS-2015-002 Samba is exposed to external attack that could gain root access PZOS (all versions) 02/25/2015
PZOS-2015-001 GHOST: glibc gethostbyname buffer overflow None 01/29/2015
PZOS-2014-005 SSL is vulnerable to man-in-the-middle attack, AKA “POODLE” PZOS or Below 02/25/2015
PZOS-2014-004 GNU-Bash Vulnerability PZOS or Below 09/25/2014
PZOS-2014-003 PZOS Platform Information Disclosure PZOS or Below 06/27/2014
PZOS-2014-002 OpenSSL SSL/TLS Man In The Middle Vulnerability Review PZOS or Below 03/05/2015
PZOS-2014-001 OpenSSL TLS Heartbeat Vulnerability Review PZOS or Below 04/09/2014
PZOS-2013-006 PZOS SSH Privilege Escalation PZOS or Below 09/30/2013
QSCC-2013-001 iDRAC Firmware Update Controllers w/iDRAC6 03/14/2013
PZOS-2013-005 CIFS Buffer Overflow or Below 03/04/2013
PZOS-2013-004 CIFS File Resource Exhaustion or Below 03/04/2013
PZOS-2013-003 CIFS Denial of Service or Below 03/04/2013
PZOS-2013-002 RPC Unauthorized Object Ownership Change or Below 03/04/2013
PZOS-2013-001 RPC Buffer Overflow or Below 03/04/2013

Reporting a Security Vulnerability

Please send information or questions concerning suspected security vulnerabilities to We hope our clients will contact us privately and give Panzura an opportunity to evaluate, confirm, and mitigate the vulnerability before it becomes public knowledge. Panzura encourages our clients to use our public PGP key to encrypt sensitive data sent within the email. Our email public key can be found here.

When reporting an issue please provide the following:

  • A detailed description of the problem
  • A technical contact who can answer questions
  • Your appliance model and software version
  • System logs