Vulnerabilities > Redhat > Ceph > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-05-26 CVE-2020-27839 Unspecified vulnerability in Redhat Ceph
A flaw was found in ceph-dashboard.
network
low complexity
redhat
5.4
2021-05-18 CVE-2021-3531 Reachable Assertion vulnerability in multiple products
A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21.
network
low complexity
redhat fedoraproject CWE-617
5.3
2021-05-17 CVE-2021-3524 Injection vulnerability in multiple products
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21.
network
low complexity
redhat fedoraproject debian CWE-74
6.5
2021-01-08 CVE-2020-25678 A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text.
local
low complexity
redhat fedoraproject
4.4
2019-01-15 CVE-2018-14662 It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.
low complexity
redhat debian opensuse canonical
5.7
2019-01-15 CVE-2018-16846 It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.
network
low complexity
redhat debian opensuse canonical
6.5
2018-07-31 CVE-2016-8626 Improper Input Validation vulnerability in Redhat products
A flaw was found in Red Hat Ceph before 0.94.9-8.
network
low complexity
redhat CWE-20
6.5
2017-12-20 CVE-2017-16818 Reachable Assertion vulnerability in multiple products
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.
network
low complexity
redhat fedoraproject CWE-617
6.5
2016-07-12 CVE-2016-5009 Improper Input Validation vulnerability in Redhat products
The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.
network
low complexity
redhat CWE-20
6.5