Vulnerabilities > Redhat > Ceph Storage

DATE CVE VULNERABILITY TITLE RISK
2023-12-18 CVE-2023-48795 Improper Validation of Integrity Check Value vulnerability in multiple products
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack.
5.9
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2023-03-23 CVE-2023-0056 Resource Exhaustion vulnerability in multiple products
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service.
network
low complexity
haproxy redhat fedoraproject CWE-400
6.5
2023-03-06 CVE-2022-3854 Unspecified vulnerability in Redhat Ceph Storage 3.0/4.0/5.0
A flaw was found in Ceph, relating to the URL processing on RGW backends.
network
low complexity
redhat
6.5
2022-08-25 CVE-2021-3979 Improper Authentication vulnerability in multiple products
A key length flaw was found in Red Hat Ceph Storage.
network
low complexity
redhat fedoraproject CWE-287
6.5
2022-07-25 CVE-2022-0670 A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system.
network
low complexity
linuxfoundation redhat fedoraproject
critical
9.1
2022-03-21 CVE-2022-26148 Cleartext Storage of Sensitive Information vulnerability in multiple products
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix.
network
low complexity
grafana redhat CWE-312
critical
9.8
2021-12-08 CVE-2021-4048 An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. 9.1
2021-05-28 CVE-2021-20236 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the ZeroMQ server in versions before 4.3.3.
network
low complexity
zeromq redhat fedoraproject CWE-787
critical
9.8
2021-05-27 CVE-2021-3509 Unspecified vulnerability in Redhat Ceph Storage 4.0
A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component.
network
low complexity
redhat
6.1