VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
>
Linuxfoundation
>
Ceph
> 14.2.6
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2021-04-15
CVE-2021-20288
Improper Authentication vulnerability in multiple products
An authentication flaw was found in ceph in versions before 14.2.20.
network
low complexity
linuxfoundation
redhat
fedoraproject
debian
CWE-287
7.2
7.2
2020-06-26
CVE-2020-10753
Injection vulnerability in multiple products
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway).
network
low complexity
redhat
fedoraproject
opensuse
linuxfoundation
canonical
CWE-74
6.5
6.5
2020-04-23
CVE-2020-1760
Cross-site Scripting vulnerability in multiple products
A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3.
network
low complexity
linuxfoundation
redhat
fedoraproject
canonical
debian
CWE-79
6.1
6.1
2020-04-21
CVE-2020-1699
Path Traversal vulnerability in multiple products
A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0.
network
low complexity
linuxfoundation
redhat
CWE-22
7.5
7.5
2020-04-13
CVE-2020-1759
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session.
network
high complexity
redhat
linuxfoundation
fedoraproject
6.8
6.8