Product:

Ceph_storage

(Redhat)
Repositories https://github.com/ceph/ceph
#Vulnerabilities 46
Date Id Summary Products Score Patch Annotated
2020-01-02 CVE-2019-14864 Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data. Debian_linux, Backports_sle, Leap, Ansible, Ansible_tower, Ceph_storage, Cloudforms_management_engine, Enterprise_linux 6.5
2019-01-15 CVE-2018-16846 It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. Ubuntu_linux, Debian_linux, Leap, Ceph, Ceph_storage, Enterprise_linux_server 6.5
2019-01-15 CVE-2018-14662 It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. Ubuntu_linux, Debian_linux, Leap, Ceph, Ceph_storage, Enterprise_linux_server 5.7
2020-09-23 CVE-2020-14365 A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability. Debian_linux, Ansible_engine, Ansible_tower, Ceph_storage, Openstack_platform 7.1
2019-12-23 CVE-2019-19337 A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. An authenticated attacker can abuse this flaw by causing a remote denial of service by sending a specially crafted HTTP Content-Length header to the Ceph RADOS Gateway server. Ceph_storage 6.5
2018-04-24 CVE-2018-1059 The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable. Ubuntu_linux, Data_plane_development_kit, Ceph_storage, Enterprise_linux, Enterprise_linux_fast_datapath, Openshift, Openstack, Virtualization, Virtualization_manager 6.1
2018-07-13 CVE-2018-10875 A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. Ubuntu_linux, Debian_linux, Ansible_engine, Ceph_storage, Gluster_storage, Openshift, Openstack, Virtualization, Virtualization_host, Package_hub 7.8
2020-01-02 CVE-2019-14859 A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions. Python\-Ecdsa, Ceph_storage, Openstack, Virtualization 9.1
2020-12-08 CVE-2020-25677 A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality. Ceph\-Ansible, Ceph_storage 5.5
2018-07-10 CVE-2018-1128 It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. Debian_linux, Leap, Ceph, Ceph_storage, Ceph_storage_mon, Ceph_storage_osd, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 7.5