Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ceph ceph - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-32148
Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the ...
Golang Go
NA
CVE-2022-32189
A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go prior to 1.17.13 and 1.18.5, potentially allowing a denial of service.
Golang Go
NA
CVE-2022-1705
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
Golang Go
NA
CVE-2022-0670
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an malicious user to ...
Linuxfoundation Ceph
Redhat Ceph Storage
Fedoraproject Fedora 35
Fedoraproject Fedora 36
NA
CVE-2022-31107
Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take ove...
Grafana Grafana
Netapp E-series Performance Analyzer -
NA
CVE-2022-31097
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch before 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to...
Grafana Grafana
Netapp E-series Performance Analyzer -
5
CVSSv2
CVE-2022-31129
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried ...
Momentjs Moment
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
5
CVSSv2
CVE-2022-2097
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of...
Openssl Openssl
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Active Iq Unified Manager -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
Siemens Sinec Ins 1.0
Siemens Sinec Ins
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5
CVSSv2
CVE-2022-29526
Go prior to 1.17.10 and 1.18.x prior to 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
Golang Go
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Netapp Beegfs Csi Driver -
10
CVSSv2
CVE-2022-2068
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not dis...
Openssl Openssl
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Siemens Sinec Ins 1.0
Siemens Sinec Ins
Netapp Santricity Smi-s Provider -
Netapp Element Software -
Netapp Ontap Select Deploy Administration Utility -
Netapp Smi-s Provider -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Snapmanager -
Netapp Ontap Antivirus Connector -
Netapp Bootstrap Os -
Netapp H615c Firmware -
Netapp H610s Firmware -
Netapp H610c Firmware -
Netapp H410c Firmware -
Netapp H300s Firmware -
Netapp H500s Firmware -
1 Github repository
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5274
CVE-2024-35388
CVE-2024-35396
elevation of privilege
CVE-2021-47544
file upload
CVE-2021-47545
memory leak
CVE-2024-4956
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »