Product:

Ceph_storage

(Redhat)
Repositories https://github.com/ceph/ceph
#Vulnerabilities 40
Date Id Summary Products Score Patch Annotated
2020-03-31 CVE-2020-1712 A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. Ceph_storage, Discovery, Enterprise_linux, Migration_toolkit, Openshift_container_platform, Systemd 7.8
2022-03-21 CVE-2022-26148 An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address. Grafana, Ceph_storage, Storage 9.8
2020-04-29 CVE-2020-12458 An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords). Fedora, Grafana, Ceph_storage, Enterprise_linux 5.5
2021-05-27 CVE-2021-3509 A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability. Ceph_storage 6.1
2020-01-02 CVE-2019-14864 Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data. Debian_linux, Backports_sle, Leap, Ansible, Ansible_tower, Ceph_storage, Cloudforms_management_engine, Enterprise_linux 6.5
2019-01-15 CVE-2018-16846 It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. Ubuntu_linux, Debian_linux, Leap, Ceph, Ceph_storage, Enterprise_linux_server 6.5
2019-01-15 CVE-2018-14662 It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. Ubuntu_linux, Debian_linux, Leap, Ceph, Ceph_storage, Enterprise_linux_server 5.7
2020-09-23 CVE-2020-14365 A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability. Debian_linux, Ansible_engine, Ansible_tower, Ceph_storage, Openstack_platform 7.1
2021-12-08 CVE-2021-4048 An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory. Fedora, Julia, Lapack, Openblas, Ceph_storage, Enterprise_linux, Openshift_container_storage, Openshift_data_foundation 9.1
2020-09-30 CVE-2020-25626 A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability. Django_rest_framework, Ceph_storage 6.1