Product:

Ceph

(Redhat)
Repositories https://github.com/ceph/ceph
#Vulnerabilities 18
Date Id Summary Products Score Patch Annotated
2023-01-17 CVE-2022-3650 A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information. Ceph 7.8
2017-12-20 CVE-2017-16818 RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h. Fedora, Ceph 6.5
2018-03-19 CVE-2018-7262 In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. Fedora, Ceph 7.5
2018-07-31 CVE-2016-8626 A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests. Ceph, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 6.5
2020-11-23 CVE-2020-25660 A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all... Fedora, Ceph, Ceph_storage, Openshift_container_platform 8.8