Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat ceph vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2019-19337
A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. An authenticated attacker can abuse this flaw by causing a remote denial of service by sending a specially crafted HTTP Content-Length header to the Ceph RADOS Gateway...
Redhat Ceph Storage 3.3
4.3
CVSSv2
CVE-2021-3509
A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it ava...
Redhat Ceph Storage 4.0
1.9
CVSSv2
CVE-2020-10685
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x prior to 2.7.17 and 2.8.x prior to 2.8.11 and 2.9.x prior to 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as ass...
Redhat Ansible Tower
Redhat Ansible Engine
Redhat Ceph Storage 3.0
Redhat Openstack 10
Redhat Ceph Storage 2.0
Redhat Storage 3.0
Redhat Openstack 13
Redhat Openstack 15
Debian Debian Linux 10.0
6.6
CVSSv2
CVE-2020-14365
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x prior to 2.8.15 and ansible-engine 2.9.x prior to 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the defaul...
Redhat Ansible Engine
Redhat Ansible Tower 3.0
Redhat Ansible Tower
Redhat Ceph Storage 2.0
Redhat Ceph Storage 3.0
Redhat Openstack Platform 10.0
Redhat Openstack Platform 13.0
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2021-3524
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions prior to 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generat...
Redhat Ceph Storage 4.0
Redhat Ceph
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
4
CVSSv2
CVE-2018-16846
It was found in Ceph versions prior to 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.
Redhat Ceph
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.0
Redhat Ceph Storage 2.0
Redhat Ceph Storage 3.0
Redhat Enterprise Linux Server 7.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
2.7
CVSSv2
CVE-2018-14662
It was found Ceph versions prior to 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.
Redhat Ceph
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.0
Redhat Ceph Storage 2.0
Redhat Ceph Storage 3.0
Redhat Enterprise Linux Server 7.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
4
CVSSv2
CVE-2017-16818
RADOS Gateway in Ceph 12.1.0 up to and including 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related t...
Redhat Ceph
Fedoraproject Fedora 27
6.8
CVSSv2
CVE-2020-1700
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of servi...
Ceph Ceph -
Redhat Openshift Container Storage 4.2
Opensuse Leap 15.1
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
6.5
CVSSv2
CVE-2021-20288
An authentication flaw was found in ceph in versions prior to 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a g...
Linuxfoundation Ceph
Redhat Ceph Storage 4.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 10.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »