Ceph

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-07	CVE-2020-1700	Resource Exhaustion vulnerability in multiple products A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. network low complexity ceph redhat opensuse canonical CWE-400	6.5
2019-11-08	CVE-2019-10222	Improper Handling of Exceptional Conditions vulnerability in multiple products A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. network low complexity ceph redhat fedoraproject CWE-755	7.5
2018-07-27	CVE-2017-7519	Use of Externally-Controlled Format String vulnerability in multiple products In Ceph, a format string flaw was found in the way libradosstriper parses input from user. local low complexity ceph debian CWE-134	2.1
2018-07-10	CVE-2018-1129	Improper Authentication vulnerability in multiple products A flaw was found in the way signature calculation was handled by cephx authentication protocol. low complexity redhat ceph debian opensuse CWE-287	3.3
2018-07-10	CVE-2018-10861	Improper Authentication vulnerability in multiple products A flaw was found in the way ceph mon handles user requests. network low complexity ceph redhat opensuse debian CWE-287	5.5
2017-12-12	CVE-2017-12155	Missing Authentication for Critical Function vulnerability in Ceph A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. local ceph CWE-306	3.3