Vulnerabilities > Redhat > Ceph Storage > 2.0

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-25	CVE-2022-0670	A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. network low complexity linuxfoundation redhat fedoraproject critical	9.1
2021-12-08	CVE-2021-4048	An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. network low complexity lapack-project openblas-project julialang redhat fedoraproject critical	9.1
2021-05-28	CVE-2021-20236	Out-of-bounds Write vulnerability in multiple products A flaw was found in the ZeroMQ server in versions before 4.3.3. network low complexity zeromq redhat fedoraproject CWE-787 critical	9.8
2020-12-18	CVE-2020-27781	Insufficiently Protected Credentials vulnerability in multiple products User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. local low complexity redhat fedoraproject CWE-522	7.1
2020-11-23	CVE-2020-25660	A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. low complexity redhat fedoraproject	8.8
2020-09-30	CVE-2020-25626	Cross-site Scripting vulnerability in multiple products A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. network low complexity encode redhat debian CWE-79	6.1
2020-09-23	CVE-2020-14365	A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. local low complexity redhat debian	7.1
2020-05-11	CVE-2020-10685	Incomplete Cleanup vulnerability in multiple products A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. local low complexity redhat debian CWE-459	5.5
2020-01-02	CVE-2019-14859	Improper Verification of Cryptographic Signature vulnerability in multiple products A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. network low complexity python-ecdsa-project redhat CWE-347 critical	9.1
2019-01-15	CVE-2018-14662	It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. low complexity redhat debian opensuse canonical	5.7