Vulnerabilities > Redhat > Ceph > 12.1.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-19 | CVE-2018-7262 | NULL Pointer Dereference vulnerability in multiple products In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. | 7.5 |
2017-12-20 | CVE-2017-16818 | Reachable Assertion vulnerability in multiple products RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h. | 6.5 |