Vulnerabilities > Redhat > Ceph Storage > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-18 CVE-2023-48795 Improper Validation of Integrity Check Value vulnerability in multiple products
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack.
5.9
2023-03-23 CVE-2023-0056 Resource Exhaustion vulnerability in multiple products
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service.
network
low complexity
haproxy redhat fedoraproject CWE-400
6.5
2023-03-06 CVE-2022-3854 Unspecified vulnerability in Redhat Ceph Storage 3.0/4.0/5.0
A flaw was found in Ceph, relating to the URL processing on RGW backends.
network
low complexity
redhat
6.5
2022-08-25 CVE-2021-3979 Improper Authentication vulnerability in multiple products
A key length flaw was found in Red Hat Ceph Storage.
network
low complexity
redhat fedoraproject CWE-287
6.5
2021-05-27 CVE-2021-3509 Unspecified vulnerability in Redhat Ceph Storage 4.0
A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component.
network
low complexity
redhat
6.1
2021-05-18 CVE-2021-3531 Reachable Assertion vulnerability in multiple products
A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21.
network
low complexity
redhat fedoraproject CWE-617
5.3
2021-05-17 CVE-2021-3524 Injection vulnerability in multiple products
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21.
network
low complexity
redhat fedoraproject debian CWE-74
6.5
2021-01-08 CVE-2020-25678 A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text.
local
low complexity
redhat fedoraproject
4.4
2020-12-08 CVE-2020-25677 A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions.
local
low complexity
ceph redhat
5.5
2020-09-30 CVE-2020-25626 Cross-site Scripting vulnerability in multiple products
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2.
network
low complexity
encode redhat debian CWE-79
6.1