Search CVE reports


Toggle filters

21 – 30 of 43 results


CVE-2020-1699

Medium priority
Ignored

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to...

1 affected package

ceph

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ceph Not affected
Show less packages

CVE-2020-12059

Medium priority
Fixed

An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.

1 affected package

ceph

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ceph Not affected Fixed
Show less packages

CVE-2020-10753

Medium priority

Some fixes available 13 of 15

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the...

1 affected package

ceph

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ceph Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-10736

Medium priority

Some fixes available 2 of 3

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw...

1 affected package

ceph

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ceph Fixed Not affected
Show less packages

CVE-2019-3821

Medium priority
Fixed

A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors...

1 affected package

ceph

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ceph Not affected
Show less packages

CVE-2019-19337

Medium priority
Not affected

A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. An authenticated attacker can abuse this flaw by causing a remote denial of service by sending a specially crafted...

1 affected package

ceph

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ceph Not affected
Show less packages

CVE-2019-10222

Medium priority
Fixed

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the...

1 affected package

ceph

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ceph Fixed
Show less packages

CVE-2018-7262

Medium priority
Not affected

In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.

1 affected package

ceph

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ceph
Show less packages

CVE-2018-16889

Low priority
Fixed

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.

1 affected package

ceph

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ceph Fixed
Show less packages

CVE-2018-16846

Medium priority

Some fixes available 2 of 3

It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.

1 affected package

ceph

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ceph Not affected Not affected Not affected Fixed
Show less packages