High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-10	CVE-2023-44487	Resource Exhaustion vulnerability in multiple products The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco CWE-400	7.5
2022-03-21	CVE-2022-26148	Cleartext Storage of Sensitive Information vulnerability in multiple products An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. network low complexity grafana redhat CWE-312	7.5
2021-04-15	CVE-2021-20288	Improper Authentication vulnerability in multiple products An authentication flaw was found in ceph in versions before 14.2.20. network low complexity linuxfoundation redhat fedoraproject debian CWE-287	7.2
2020-12-18	CVE-2020-27781	Insufficiently Protected Credentials vulnerability in multiple products User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. local low complexity redhat fedoraproject CWE-522	7.1
2020-11-23	CVE-2020-25660	Authentication Bypass by Capture-replay vulnerability in multiple products A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. low complexity redhat fedoraproject CWE-294	8.8
2020-04-21	CVE-2020-1699	Path Traversal vulnerability in multiple products A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. network low complexity linuxfoundation redhat CWE-22	7.5
2020-03-31	CVE-2020-1712	Use After Free vulnerability in multiple products A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. local low complexity systemd-project redhat debian CWE-416	7.8
2019-11-08	CVE-2019-10222	Improper Handling of Exceptional Conditions vulnerability in multiple products A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. network low complexity ceph redhat fedoraproject CWE-755	7.5
2018-08-29	CVE-2018-15727	Improper Authentication vulnerability in multiple products Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. network low complexity grafana redhat CWE-287	7.5
2018-08-01	CVE-2016-9579	Improper Input Validation vulnerability in Redhat products A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. network low complexity redhat CWE-20	7.5