Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat ceph storage vulnerabilities and exploits
(subscribe to this query)
7.1
CVSSv3
CVE-2020-14365
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x prior to 2.8.15 and ansible-engine 2.9.x prior to 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the defaul...
Redhat Ansible Tower 3.0
Redhat Ansible Engine
Redhat Ansible Tower
Redhat Ceph Storage 3.0
Redhat Ceph Storage 2.0
Redhat Openstack Platform 13.0
Redhat Openstack Platform 10.0
Debian Debian Linux 10.0
6.5
CVSSv3
CVE-2018-16846
It was found in Ceph versions prior to 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.
Redhat Ceph
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.0
Redhat Enterprise Linux Server 7.0
Redhat Ceph Storage 3.0
Redhat Ceph Storage 2.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
5.7
CVSSv3
CVE-2018-14662
It was found Ceph versions prior to 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.
Redhat Ceph
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.0
Redhat Enterprise Linux Server 7.0
Redhat Ceph Storage 3.0
Redhat Ceph Storage 2.0
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 16.04
6.5
CVSSv3
CVE-2021-3524
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions prior to 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generat...
Redhat Ceph Storage 4.0
Redhat Ceph
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2021-20236
A flaw was found in the ZeroMQ server in versions prior to 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentia...
Zeromq Zeromq
Redhat Enterprise Linux 7.0
Redhat Ceph Storage 2.0
Fedoraproject Fedora 33
6.5
CVSSv3
CVE-2020-1700
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of servi...
Ceph Ceph -
Redhat Openshift Container Storage 4.2
Opensuse Leap 15.1
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
7.2
CVSSv3
CVE-2021-20288
An authentication flaw was found in ceph in versions prior to 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a g...
Linuxfoundation Ceph
Redhat Ceph Storage 4.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2020-25626
A flaw was found in Django REST Framework versions prior to 3.12.0 and prior to 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject m...
Encode Django Rest Framework
Redhat Ceph Storage 2.0
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2018-16889
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.
Redhat Ceph
7.8
CVSSv3
CVE-2020-1712
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate thei...
Systemd Project Systemd
Redhat Enterprise Linux 8.0
Redhat Openshift Container Platform 4.0
Redhat Discovery -
Redhat Migration Toolkit 1.0
Redhat Ceph Storage 4.0
Debian Debian Linux 9.0
1 Github repository
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
CVE-2023-38506
CVE-2024-37198
CVE-2023-45197
CVE-2024-38621
CVE-2024-30103
elevation of privilege
CVE-2024-0044
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »