Vulnerabilities > Redhat > Ceph Storage > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2021-04-15 CVE-2021-20288 Improper Authentication vulnerability in multiple products
An authentication flaw was found in ceph in versions before 14.2.20.
7.2
2020-12-18 CVE-2020-27781 Insufficiently Protected Credentials vulnerability in multiple products
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation.
local
low complexity
redhat fedoraproject CWE-522
7.1
2020-11-23 CVE-2020-25660 A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus.
low complexity
redhat fedoraproject
8.8
2020-09-23 CVE-2020-14365 A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module.
local
low complexity
redhat debian
7.1
2020-04-21 CVE-2020-1699 Path Traversal vulnerability in multiple products
A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0.
network
low complexity
linuxfoundation redhat CWE-22
7.5
2020-03-31 CVE-2020-1712 Use After Free vulnerability in multiple products
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages.
local
low complexity
systemd-project redhat debian CWE-416
7.8
2019-11-08 CVE-2019-10222 Improper Handling of Exceptional Conditions vulnerability in multiple products
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests.
network
low complexity
ceph redhat fedoraproject CWE-755
7.5
2018-08-01 CVE-2016-9579 Unspecified vulnerability in Redhat products
A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket.
network
low complexity
redhat
7.5
2018-07-13 CVE-2018-10875 Untrusted Search Path vulnerability in multiple products
A flaw was found in ansible.
local
low complexity
redhat debian suse canonical CWE-426
7.8