Vulnerabilities > Redhat > Ceph > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-17 | CVE-2022-3650 | Unspecified vulnerability in Redhat Ceph 16.2.9 A privilege escalation flaw was found in Ceph. | 7.8 |
| 2020-12-18 | CVE-2020-27781 | Insufficiently Protected Credentials vulnerability in multiple products User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. | 7.1 |
| 2020-11-23 | CVE-2020-25660 | Authentication Bypass by Capture-replay vulnerability in multiple products A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. | 8.8 |
| 2019-01-28 | CVE-2018-16889 | Information Exposure Through Log Files vulnerability in Redhat Ceph Ceph does not properly sanitize encryption keys in debug logging for v4 auth. | 7.5 |
| 2018-03-19 | CVE-2018-7262 | NULL Pointer Dereference vulnerability in multiple products In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. | 7.5 |