Vulnerabilities > Redhat > Ceph > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-17 | CVE-2022-3650 | Unspecified vulnerability in Redhat Ceph 16.2.9 A privilege escalation flaw was found in Ceph. | 7.8 |
2020-12-18 | CVE-2020-27781 | Insufficiently Protected Credentials vulnerability in multiple products User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. | 7.1 |
2020-11-23 | CVE-2020-25660 | A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. | 8.8 |
2019-01-28 | CVE-2018-16889 | Unspecified vulnerability in Redhat Ceph Ceph does not properly sanitize encryption keys in debug logging for v4 auth. | 7.5 |
2018-07-10 | CVE-2018-1128 | Improper Authentication vulnerability in multiple products It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. | 7.5 |
2018-03-19 | CVE-2018-7262 | NULL Pointer Dereference vulnerability in multiple products In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. | 7.5 |