Vulnerabilities > Redhat > Ceph > High

DATE CVE VULNERABILITY TITLE RISK
2023-01-17 CVE-2022-3650 Unspecified vulnerability in Redhat Ceph 16.2.9
A privilege escalation flaw was found in Ceph.
local
low complexity
redhat
7.8
2020-12-18 CVE-2020-27781 Insufficiently Protected Credentials vulnerability in multiple products
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation.
local
low complexity
redhat fedoraproject CWE-522
7.1
2020-11-23 CVE-2020-25660 A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus.
low complexity
redhat fedoraproject
8.8
2019-01-28 CVE-2018-16889 Unspecified vulnerability in Redhat Ceph
Ceph does not properly sanitize encryption keys in debug logging for v4 auth.
network
low complexity
redhat
7.5
2018-07-10 CVE-2018-1128 Improper Authentication vulnerability in multiple products
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack.
high complexity
redhat debian opensuse CWE-287
7.5
2018-03-19 CVE-2018-7262 NULL Pointer Dereference vulnerability in multiple products
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.
network
low complexity
redhat fedoraproject CWE-476
7.5