Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat ceph storage vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2020-12458
An information-disclosure flaw was found in Grafana up to and including 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource p...
Grafana Grafana
Redhat Ceph Storage 3.0
Redhat Enterprise Linux 8.0
Redhat Ceph Storage 4.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
5.5
CVSSv3
CVE-2020-10685
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x prior to 2.7.17 and 2.8.x prior to 2.8.11 and 2.9.x prior to 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as ass...
Redhat Ansible Tower
Redhat Ansible Engine
Redhat Ceph Storage 3.0
Redhat Openstack 10
Redhat Ceph Storage 2.0
Redhat Storage 3.0
Redhat Openstack 13
Redhat Openstack 15
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2021-3509
A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it ava...
Redhat Ceph Storage 4.0
6.5
CVSSv3
CVE-2019-19337
A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. An authenticated attacker can abuse this flaw by causing a remote denial of service by sending a specially crafted HTTP Content-Length header to the Ceph RADOS Gateway...
Redhat Ceph Storage 3.3
6.5
CVSSv3
CVE-2020-10753
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the ...
Redhat Ceph Storage 3.0
Redhat Ceph Storage 4.0
Redhat Openstack 15
Fedoraproject Fedora 32
Opensuse Leap 15.1
Linuxfoundation Ceph
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
6.8
CVSSv3
CVE-2020-1759
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability exists in the secure mode of the messenger v2 protocol, which can allow an malicious user to forge auth tags and potentially manipulate the data by l...
Redhat Openshift 4.2
Redhat Ceph Storage 4.0
Redhat Openstack 15
Linuxfoundation Ceph
Fedoraproject Fedora 31
9.1
CVSSv3
CVE-2019-14859
A flaw was found in all python-ecdsa versions prior to 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker coul...
Python-ecdsa Project Python-ecdsa
Redhat Ceph Storage 2.0
Redhat Ceph Storage 3.0
Redhat Openstack 10
Redhat Openstack 13
Redhat Openstack 14
Redhat Openstack 15
Redhat Virtualization 4.0
6.1
CVSSv3
CVE-2020-1760
A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.
Linuxfoundation Ceph
Redhat Ceph Storage 3.0
Redhat Openshift Container Platform 4.2
Redhat Ceph Storage 4.0
Fedoraproject Fedora 31
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Debian Debian Linux 9.0
9.1
CVSSv3
CVE-2022-0670
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an malicious user to ...
Linuxfoundation Ceph
Redhat Ceph Storage
Fedoraproject Fedora 35
Fedoraproject Fedora 36
5.3
CVSSv3
CVE-2021-3531
A flaw was found in the Red Hat Ceph Storage RGW in versions prior to 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.
Redhat Ceph Storage 4.0
Redhat Ceph
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »