Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ceph vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2021-42581
Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and previous versions allows malicious users to compromise integrity or availability of application via supplying a crafted object (that contains an own property "__proto__") as an argument to the function. N...
Ramdajs Ramda
4.8
CVSSv3
CVE-2023-1410
Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker nee...
Grafana Grafana
7.5
CVSSv3
CVE-2023-1387
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration ...
Grafana Grafana
5.5
CVSSv3
CVE-2020-8566
In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v...
Kubernetes Kubernetes
5.4
CVSSv3
CVE-2021-4231
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first....
Angular Angular 11.1.0
Angular Angular
NA
CVE-2014-6418
net/ceph/auth_x.c in Ceph, as used in the Linux kernel prior to 3.16.3, does not properly validate auth replies, which allows remote malicious users to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Cep...
Linux Linux Kernel
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
NA
CVE-2021-47000
In the Linux kernel, the following vulnerability has been resolved: ceph: fix inode leak on getattr error in __fh_to_dentry
7.5
CVSSv3
CVE-2023-0836
An information leak vulnerability exists in HAProxy 2.1, 2.2 prior to 2.2.27, 2.3, 2.4 prior to 2.4.21, 2.5 prior to 2.5.11, 2.6 prior to 2.6.8, 2.7 prior to 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitiv...
Haproxy Haproxy 2.7.0
Haproxy Haproxy
Haproxy Haproxy 2.3.0
Haproxy Haproxy 2.1.0
8.8
CVSSv3
CVE-2023-44466
An issue exists in net/ceph/messenger_v2.c in the Linux kernel prior to 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in c...
Linux Linux Kernel
NA
CVE-2022-3931
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »