Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ceph storage vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2020-1700
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of servi...
Ceph Ceph -
Redhat Openshift Container Storage 4.2
Opensuse Leap 15.1
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
2.7
CVSSv2
CVE-2018-14662
It was found Ceph versions prior to 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.
Redhat Ceph
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.0
Redhat Ceph Storage 2.0
Redhat Ceph Storage 3.0
Redhat Enterprise Linux Server 7.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
4
CVSSv2
CVE-2018-16846
It was found in Ceph versions prior to 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.
Redhat Ceph
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.0
Redhat Ceph Storage 2.0
Redhat Ceph Storage 3.0
Redhat Enterprise Linux Server 7.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
6.4
CVSSv2
CVE-2019-14859
A flaw was found in all python-ecdsa versions prior to 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker coul...
Python-ecdsa Project Python-ecdsa
Redhat Ceph Storage 2.0
Redhat Ceph Storage 3.0
Redhat Openstack 10
Redhat Openstack 13
Redhat Openstack 14
Redhat Openstack 15
Redhat Virtualization 4.0
6.5
CVSSv2
CVE-2021-20288
An authentication flaw was found in ceph in versions prior to 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a g...
Linuxfoundation Ceph
Redhat Ceph Storage 4.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2021-3524
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions prior to 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generat...
Redhat Ceph Storage 4.0
Redhat Ceph
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
6.6
CVSSv2
CVE-2020-14365
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x prior to 2.8.15 and ansible-engine 2.9.x prior to 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the defaul...
Redhat Ansible Engine
Redhat Ansible Tower 3.0
Redhat Ansible Tower
Redhat Ceph Storage 2.0
Redhat Ceph Storage 3.0
Redhat Openstack Platform 10.0
Redhat Openstack Platform 13.0
Debian Debian Linux 10.0
9
CVSSv2
CVE-2020-1716
A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clus...
Ceph Ceph-ansible
4.3
CVSSv2
CVE-2020-25626
A flaw was found in Django REST Framework versions prior to 3.12.0 and prior to 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject m...
Encode Django Rest Framework
Redhat Ceph Storage 2.0
Debian Debian Linux 11.0
7.5
CVSSv2
CVE-2021-20236
A flaw was found in the ZeroMQ server in versions prior to 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentia...
Zeromq Zeromq
Redhat Enterprise Linux 7.0
Redhat Ceph Storage 2.0
Fedoraproject Fedora 33
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »