Vulnerabilities > Redhat > Ceph Storage

DATE CVE VULNERABILITY TITLE RISK
2019-11-08 CVE-2019-10222 Improper Handling of Exceptional Conditions vulnerability in multiple products
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests.
network
low complexity
ceph redhat fedoraproject CWE-755
7.5
2019-01-15 CVE-2018-14662 It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.
low complexity
redhat debian opensuse canonical
5.7
2019-01-15 CVE-2018-16846 It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.
network
low complexity
redhat debian opensuse canonical
6.5
2018-12-13 CVE-2018-19039 Information Exposure vulnerability in multiple products
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
network
low complexity
grafana redhat netapp CWE-200
6.5
2018-10-09 CVE-2018-14649 Unspecified vulnerability in Redhat products
It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode.
network
low complexity
redhat
critical
9.8
2018-08-29 CVE-2018-15727 Improper Authentication vulnerability in multiple products
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
network
low complexity
grafana redhat CWE-287
critical
9.8
2018-08-01 CVE-2016-9579 Unspecified vulnerability in Redhat products
A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket.
network
low complexity
redhat
7.5
2018-07-13 CVE-2018-10875 Untrusted Search Path vulnerability in multiple products
A flaw was found in ansible.
local
low complexity
redhat debian suse canonical CWE-426
7.8
2018-07-10 CVE-2018-1129 Improper Authentication vulnerability in multiple products
A flaw was found in the way signature calculation was handled by cephx authentication protocol.
low complexity
redhat ceph debian opensuse CWE-287
6.5
2018-07-10 CVE-2018-1128 Improper Authentication vulnerability in multiple products
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack.
high complexity
redhat debian opensuse CWE-287
7.5