Vulnerabilities > Redhat > Ceph Storage > 2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-25 | CVE-2022-0670 | A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. | 9.1 |
| 2021-12-08 | CVE-2021-4048 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. network low complexity lapack-project openblas-project julialang redhat fedoraproject CWE-125 critical | 9.1 |
| 2021-05-28 | CVE-2021-20236 | Out-of-bounds Write vulnerability in multiple products A flaw was found in the ZeroMQ server in versions before 4.3.3. | 9.8 |
| 2020-12-18 | CVE-2020-27781 | Insufficiently Protected Credentials vulnerability in multiple products User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. | 7.1 |
| 2020-11-23 | CVE-2020-25660 | Authentication Bypass by Capture-replay vulnerability in multiple products A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. | 8.8 |
| 2020-09-30 | CVE-2020-25626 | Cross-site Scripting vulnerability in multiple products A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. | 6.1 |
| 2020-09-23 | CVE-2020-14365 | Improper Verification of Cryptographic Signature vulnerability in multiple products A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. | 6.6 |
| 2020-05-11 | CVE-2020-10685 | Incomplete Cleanup vulnerability in multiple products A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. | 5.5 |
| 2020-01-02 | CVE-2019-14859 | Improper Verification of Cryptographic Signature vulnerability in multiple products A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. | 6.4 |
| 2019-01-15 | CVE-2018-14662 | Improper Authorization vulnerability in multiple products It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. | 2.7 |