Search CVE reports

1 – 10 of 41 results

Detailed view

Sort by:

CVE-2023-43040

Medium priority

Some fixes available 7 of 8

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.

1 affected packages

ceph

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ceph	Fixed	Fixed	Fixed	Fixed	Fixed

CVE-2022-3854

Medium priority

Fixed

A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.

1 affected packages

ceph

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ceph	—	Fixed	Not affected	Not affected	Not affected

CVE-2022-3650

Medium priority

Some fixes available 6 of 7

A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.

1 affected packages

ceph

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ceph	Fixed	Fixed	Fixed	Not affected	Not affected

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss...

1 affected packages

ceph

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ceph	Not affected	Not affected	Fixed	Fixed	Needs evaluation

CVE-2022-0670

Medium priority

Some fixes available 3 of 5

A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager....

1 affected packages

ceph

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ceph	Not affected	Fixed	Fixed	Not affected	Needs evaluation

CVE-2021-46322

Medium priority

Vulnerable

Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.

14 affected packages

ceph, duktape, mariadb-10.0, mariadb-10.1, mariadb-10.3...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ceph	Not affected	Not affected	Not affected	Not affected	Not affected
duktape	Not affected	Not affected	Vulnerable	Needs evaluation	Ignored
mariadb-10.0	Not in release	Not in release	Not in release	Not in release	Needs evaluation
mariadb-10.1	Not in release	Not in release	Not in release	Needs evaluation	Not in release
mariadb-10.3	Not in release	Not in release	Needs evaluation	Not in release	Not in release
mariadb-10.5	—	—	Not in release	Not in release	Not in release
mariadb-5.5	Not in release	Not in release	Not in release	Not in release	Not in release
mysql-5.5	Not in release	Not in release	Not in release	Not in release	Not in release
mysql-5.6	Not in release	Not in release	Not in release	Not in release	Not in release
mysql-5.7	Not in release	Not in release	Not in release	Not affected	Not affected
mysql-8.0	Not affected	Not affected	Not affected	Not in release	Not in release
percona-server-5.6	Not in release	Not in release	Not in release	Not in release	Needs evaluation
percona-xtradb-cluster-5.5	Not in release	Not in release	Not in release	Not in release	Not in release
percona-xtradb-cluster-5.6	Not in release	Not in release	Not in release	Not in release	Needs evaluation

CVE-2021-43519

Low priority

Needs evaluation

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.

45 affected packages

ardour, bam, blobby, ceph, darktable...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ardour	Not affected	Not affected	Not affected	Not affected	Not affected
bam	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
blobby	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ceph	Not affected	Not affected	Not affected	Not affected	Not affected
darktable	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
eja	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
emscripten	Needs evaluation	Needs evaluation	—	Needs evaluation	Needs evaluation
enigma	Not affected	Not affected	Not affected	Not affected	Not affected
freeciv	Not affected	Not affected	Not affected	Not affected	Not affected
freedroidrpg	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
fs-uae	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golly	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
goxel	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
grub2	Not affected	Not affected	Not affected	Not affected	Not affected
gtk2-engines	Not affected	Not affected	Not affected	Not affected	Not affected
haskell-hslua	Not affected	Not affected	Not affected	Not affected	Not affected
hedgewars	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.1	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.2	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.3	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.4	Not affected	Not affected	Not in release	Not in release	Not in release
lua50	Not in release	Not in release	Not affected	Not affected	Not affected
luajit	Not affected	Not affected	Not affected	Not affected	Not affected
mame	Not affected	Not affected	Not affected	Not affected	Not affected
naev	Needs evaluation	Needs evaluation	Needs evaluation	—	Ignored
openscenegraph	Not affected	Not affected	Not affected	Not affected	Not affected
redis	Not affected	Not affected	Not affected	Not affected	Not affected
rust-lua52-sys	Needs evaluation	Needs evaluation	Needs evaluation	—	Ignored
scite	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
scorched3d	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
scummvm	Not affected	Not affected	Not affected	Not affected	Not affected
spring	Not affected	Not affected	Not affected	Not affected	Not affected
syslinux	Not affected	Not affected	Not affected	Not affected	Not affected
syslinux-legacy	Not in release	Not in release	Not affected	Not affected	Not affected
tagua	Not affected	Not affected	Not affected	Not affected	Not affected
tarantool	Needs evaluation	Needs evaluation	Needs evaluation	—	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
tup	Needs evaluation	Needs evaluation	Needs evaluation	—	Ignored
ufoai	Not affected	Not affected	Not affected	Not affected	Not affected
vifm	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
wcc	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
wesnoth	—	—	—	—	Ignored
widelands	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmoto	Not affected	Not affected	Not affected	Not affected	Not affected
zfs-linux	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2021-3509

Medium priority

Fixed

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the...

1 affected packages

ceph

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ceph	—	Fixed	Fixed	Not affected	Not affected

CVE-2020-27839

Medium priority

Fixed

A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The...

1 affected packages

ceph

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ceph	—	Fixed	Fixed	Not affected	Not affected

CVE-2021-3531

Medium priority

Some fixes available 10 of 12

A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest...

1 affected packages

ceph

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ceph	Fixed	Fixed	Fixed	Fixed	Vulnerable

Export to JSON

Results by page: