| 2020-04-29 | CVE-2020-12458 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An information-disclosure flaw was found in Grafana through 6.7.3. | 5.5 |
| 2020-04-23 | CVE-2020-1760 | Cross-site Scripting vulnerability in multiple products
A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. | 6.1 |
| 2020-03-31 | CVE-2019-14905 | Exposure of Resource to Wrong Sphere vulnerability in multiple products
A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. | 5.6 |
| 2020-01-02 | CVE-2019-14864 | Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. | 6.5 |
| 2020-01-02 | CVE-2019-14859 | Improper Verification of Cryptographic Signature vulnerability in multiple products
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. | 9.1 |
| 2019-11-08 | CVE-2019-10222 | Improper Handling of Exceptional Conditions vulnerability in multiple products
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. | 7.5 |
| 2019-01-15 | CVE-2018-14662 | It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. | 5.7 |
| 2019-01-15 | CVE-2018-16846 | It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. | 6.5 |
| 2018-12-13 | CVE-2018-19039 | Information Exposure vulnerability in multiple products
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. | 6.5 |
| 2018-10-09 | CVE-2018-14649 | Unspecified vulnerability in Redhat products
It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. network low complexity redhat critical | 9.8 |